{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22563", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-07T15:39:03.440Z", "datePublished": "2026-04-13T21:28:11.100Z", "dateUpdated": "2026-04-14T13:14:19.586Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier)\u2028\nUniFi Play Audio Port\u00a0 (Version 1.0.24 and earlier)\u2028 \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later\u2028\nUpdate UniFi Play Audio Port\u00a0 to Version 1.1.9 or later"}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Play PowerAmp", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.38", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Play Audio Port", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1.9", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-13T21:28:11.100Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T12:59:16.083892Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:14:19.586Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T12:59:16.083892Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:09:31.094Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Play PowerAmp", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.38", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "UniFi Play Audio Port", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83"}], "descriptions": [{"lang": "en", "value": "A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier)\u2028\nUniFi Play Audio Port\u00a0 (Version 1.0.24 and earlier)\u2028 \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later\u2028\nUpdate UniFi Play Audio Port\u00a0 to Version 1.1.9 or later"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-13T21:28:11.100Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22563", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:14:19.586Z", "dateReserved": "2026-01-07T15:39:03.440Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-04-13T21:28:11.100Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.\n \nAffected Products:\nUniFi Play PowerAmp (Version 1.0.35 and earlier)\u2028\nUniFi Play Audio Port\u00a0 (Version 1.0.24 and earlier)\u2028 \n\nMitigation:\nUpdate UniFi Play PowerAmp to Version 1.0.38 or later\u2028\nUpdate UniFi Play Audio Port\u00a0 to Version 1.1.9 or later"}], "id": "CVE-2026-22563", "lastModified": "2026-04-30T16:14:21.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-04-13T22:16:28.050", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "UniFi Play Audio Port", "source": "cna", "vendor": "Ubiquiti Inc"}, "product": "unifi_play_audio_port", "vendor": "ubiquiti"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.38)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "UniFi Play PowerAmp", "source": "cna", "vendor": "Ubiquiti Inc"}, "product": "unifi_play_poweramp", "vendor": "ubiquiti"}], "analysis": {"en": {"generated_at": "2026-04-13T22:50:55.939193+00:00", "value": {"mitigation_remediation": ["Update UniFi Play PowerAmp to version 1.0.38 or later", "Update UniFi Play Audio Port to version 1.1.9 or later"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected products are the UniFi Play PowerAmp running version 1.0.35 or earlier, and the UniFi Play Audio Port running version 1.0.24 or earlier. These devices are used to manage audio output and power amplification in networked environments.", "description_and_impact": "A series of improper input validation vulnerabilities in Ubiquiti Inc\u2019s UniFi Play devices allow a malicious actor to perform command injection. This flaw can lead to remote code execution, compromising the device and potentially the entire network. The weakness is categorized as CWE\u201120, indicating unsafe handling of external input.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 9.8, indicating a severe impact if exploited. The EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog, but the high severity suggests that it may be actively targeted. Based on the description, the likely attack vector is an actor with access to the UniFi Play network, implying that an internal attacker or someone who has compromised a downstream device could exploit the flaw. Successful exploitation would grant privileged control over the underlying operating system, enabling lateral movement, privilege escalation, and potential compromise of the connected network."}}}}, "created": "2026-04-14T16:17:09.666207+00:00", "title": "Command Injection via Improper Input Validation in Ubiquiti UniFi Play Devices", "updated": "2026-04-14T16:33:00.968409+00:00", "vendors": ["ubiquiti", "ubiquiti$PRODUCT$unifi_play_audio_port", "ubiquiti$PRODUCT$unifi_play_poweramp"]}