Cyber Resilience

CVE-2026-22564

Critical

Published: 13 April 2026
Modified: 30 April 2026
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0042 (33.5th percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-22564 is a critical-severity Improper Access Control (CWE-284) vulnerability in Ui (Ubiquiti) products; the vendor was inferred from the references. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Services: SSH (T1021.004). By exploit likelihood (EPSS) the CVE ranks at the 33.5th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22564 is an Improper Access Control vulnerability (CWE-284) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), published on 2026-04-13. It affects UniFi Play PowerAmp versions 1.0.35 and earlier, as well as UniFi Play Audio Port versions 1.0.24 and earlier. The flaw allows a malicious actor with access to the UniFi Play network to enable SSH, potentially leading to unauthorized system modifications.

An attacker who gains access to the UniFi Play network can exploit this vulnerability remotely without authentication or user interaction. Successful exploitation allows the attacker to enable SSH, granting them the ability to make unauthorized changes to the affected systems, resulting in high impacts to confidentiality, integrity, and availability.

Ubiquiti's Security Advisory Bulletin 063 recommends updating UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later to mitigate the vulnerability. Additional details are available at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83.

Vulnerability details

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.

Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port (Version 1.0.24 and earlier)

Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port to Version 1.1.9 or later

CWE(s): CWE-284 Improper Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1021.004 Remote Services: SSH (Lateral Movement)
Adversaries may use Valid Accounts…
Why these techniques?

Vulnerability enables unauthorized activation of SSH remote service on affected network devices.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One (shared CWE-284)

CVE-2026-20628
CVE-2024-12368
CVE-2026-7198
CVE-2026-46818
CVE-2025-57130
CVE-2025-70363
CVE-2026-34310
CVE-2025-30433
CVE-2026-46839
CVE-2025-48619

Affected Assets

Ui (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI)

AC-3 Access Enforcement (prevent): Directly enforces approved access authorizations to prevent unauthorized network access from enabling SSH and making system changes.

SI-2 Flaw Remediation (prevent): Requires timely remediation of the specific improper access control flaw through vendor firmware updates as recommended in the advisory.

AC-6 Least Privilege (prevent): Applies least privilege to restrict the ability to enable SSH or perform unauthorized modifications even if initial network access is obtained.
