Cyber Resilience

CVE-2026-22566

High

Published: 13 April 2026

Published
13 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 3.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22566 is a high-severity Improper Access Control (CWE-284) vulnerability in Ui (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22566 is an Improper Access Control vulnerability (CWE-284) in UniFi Play PowerAmp versions 1.0.35 and earlier, and UniFi Play Audio Port versions 1.0.24 and earlier. Published on 2026-04-13, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The issue stems from inadequate access controls that expose sensitive information within the UniFi Play network environment.

A malicious actor with access to the UniFi Play network can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Exploitation allows the attacker to obtain UniFi Play WiFi credentials, leading to high-impact confidentiality loss without affecting integrity or availability.

Ubiquiti's security advisory recommends updating UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later as the primary mitigation. Additional details are available in Security Advisory Bulletin 063 at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83.

EU & UK References

Vulnerability details

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier)…

more

Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Remote unauthenticated network access via improper access control directly enables exploitation of public-facing apps (T1190) and results in exposure of WiFi credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23782Shared CWE-284
CVE-2025-25381Shared CWE-284
CVE-2025-57266Shared CWE-284
CVE-2026-39339Shared CWE-284
CVE-2026-46839Shared CWE-284
CVE-2025-26010Shared CWE-284
CVE-2026-34291Shared CWE-284
CVE-2023-47539Shared CWE-284
CVE-2026-23899Shared CWE-284
CVE-2025-7016Shared CWE-284

Affected Assets

Ui
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for logical access, preventing unauthorized network users from obtaining sensitive UniFi Play WiFi credentials due to improper access controls.

prevent

Requires timely identification, reporting, and correction of flaws like this improper access control vulnerability through software updates to fixed versions.

prevent

Implements least privilege to restrict access to WiFi credentials only to necessary users or processes, mitigating broad exposure within the UniFi Play network.

References