UniFi Play Devices Face Critical Command Injection Vulnerabilities

/CRITICAL
SCW vulnerabilitycvecriticalhigh-severitycommand-injectioncwe-20
UniFi Play Devices Face Critical Command Injection Vulnerabilities

The National Vulnerability Database (NVD) has issued a critical advisory regarding multiple improper input validation vulnerabilities, tracked as CVE-2026-22563. These flaws, affecting UniFi Play PowerAmp and UniFi Play Audio Port devices, could enable a malicious actor with network access to execute command injection attacks.

Specifically, the NVD reports that UniFi Play PowerAmp devices running version 1.0.35 and earlier, along with UniFi Play Audio Port devices on version 1.0.24 and earlier, are susceptible. This isn’t just a bump in the road; with a CVSS score of 9.8, this vulnerability is sitting squarely in the ‘critical’ zone. Improper input validation (CWE-20) is often a gateway to more severe issues, and in this case, it’s a direct path to full-blown command injection.

The implications are significant. A successful command injection could grant an attacker extensive control over the affected devices, leading to data compromise, system disruption, or even lateral movement within a compromised network. It’s the kind of access that keeps security pros up at night. Fortunately, mitigations are available.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.004 Command and Scripting Interpreter: Unix Shell Execution

🛡️ Detection Rules

4 rules · 5 SIEM formats

4 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-22563

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

4 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2026-22563 Command Injection UniFi Play PowerAmp version 1.0.35 and earlier
CVE-2026-22563 Command Injection UniFi Play Audio Port version 1.0.24 and earlier
CVE-2026-22563 Improper Input Validation Malicious actor with access to the UniFi Play network

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs