Cyber Posture

CVE-2026-22564

Severity: Critical
Published: 13 April 2026
Modified: 30 April 2026
KEV Added: none (not listed in the CISA KEV catalog)
Patch: none recorded in this entry (see the vendor mitigation below)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.4th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-22564 is a critical-severity Improper Access Control (CWE-284) vulnerability in Ubiquiti UniFi Play devices (vendor "Ui" inferred from references; NVD did not file a CPE). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique SSH (T1021.004). EPSS ranks it at the 5.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to SSH (T1021.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- AC-3 Access Enforcement (prevent): Directly enforces approved access authorizations to prevent unauthorized network access from enabling SSH and making system changes.
- SI-2 Flaw Remediation (prevent): Requires timely remediation of the specific improper access control flaw through vendor firmware updates as recommended in the advisory.
- Least privilege (prevent): Applies least privilege to restrict the ability to enable SSH or perform unauthorized modifications even if initial network access is obtained.

MITRE ATT&CK Enterprise Techniques

T1021.004 SSH (Lateral Movement): Adversaries may use Valid Accounts …
Why these techniques?

Vulnerability enables unauthorized activation of SSH remote service on affected network devices.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.

Affected Products:
- UniFi Play PowerAmp (Version 1.0.35 and earlier)
- UniFi Play Audio Port (Version 1.0.24 and earlier)

Mitigation:
- Update UniFi Play PowerAmp to Version 1.0.38 or later
- Update UniFi Play Audio Port to Version 1.1.9 or later

Deeper analysis

CVE-2026-22564 is an Improper Access Control vulnerability (CWE-284) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), published on 2026-04-13. It affects UniFi Play PowerAmp versions 1.0.35 and earlier, as well as UniFi Play Audio Port versions 1.0.24 and earlier. The flaw enables a malicious actor with access to the UniFi Play network to enable SSH access, potentially leading to unauthorized system modifications.

An attacker who gains access to the UniFi Play network can exploit this vulnerability remotely without authentication or user interaction. Successful exploitation allows the attacker to enable SSH, granting them the ability to make unauthorized changes to the affected systems, resulting in high impacts to confidentiality, integrity, and availability.

Ubiquiti's Security Advisory Bulletin 063 recommends updating UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later to mitigate the vulnerability. Additional details are available at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83.

Details

CWE(s): CWE-284 Improper Access Control

Affected Products: Ui (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

- CVE-2025-25950 (shared CWE-284)
- CVE-2026-5786 (shared CWE-284)
- CVE-2026-32768 (shared CWE-284)
- CVE-2026-33109 (shared CWE-284)
- CVE-2025-24968 (shared CWE-284)
- CVE-2025-54914 (shared CWE-284)
- CVE-2025-1941 (shared CWE-284)
- CVE-2025-1259 (shared CWE-284)
- CVE-2025-66956 (shared CWE-284)
- CVE-2026-32254 (shared CWE-284)

References