Critical RCE Found in UniFi Play Devices

A nasty path traversal vulnerability, tracked as CVE-2026-22562, has been identified in UniFi Play network devices. According to the National Vulnerability Database, this flaw could allow a malicious actor with network access to write arbitrary files onto the system. This isn’t just a minor annoyance; the NVD warns that such file manipulation could directly lead to remote code execution (RCE) – a red flag for any security team.

The vulnerability impacts UniFi Play PowerAmp devices running versions 1.0.35 and earlier, as well as UniFi Play Audio Port devices on versions 1.0.24 and earlier. Given the potential for RCE, it’s no surprise this one clocks in with a critical CVSS score of 9.8. The CVSS vector, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, paints a clear picture: it’s network-exploitable, low complexity, requires no privileges or user interaction, and provides complete confidentiality, integrity, and availability impacts. This is the kind of vulnerability that keeps admins up at night.

Mitigation is straightforward but critical. National Vulnerability Database advises that UniFi Play PowerAmp users upgrade to version 1.0.38 or later, and UniFi Play Audio Port users update to version 1.1.9 or later. Procrastination here is not an option; an unpatched device is a wide-open door for an attacker.