Critical UniFi Play Flaw: SSH Access Hijack Risk
A critical improper access control vulnerability, identified as CVE-2026-22564, poses a significant risk to UniFi Play PowerAmp and Audio Port devices. According to the National Vulnerability Database, this flaw could allow a malicious actor with access to the UniFi Play network to enable SSH. Once SSH is enabled, an attacker could make unauthorized and potentially damaging changes to the system.
The National Vulnerability Database has assigned this vulnerability a CVSS score of 9.8, categorizing it as CRITICAL. It falls under CWE-284, the broad class of improper access control weaknesses. The affected products are UniFi Play PowerAmp, versions 1.0.35 and earlier, and UniFi Play Audio Port, versions 1.0.24 and earlier. This isn’t just a theoretical threat; unauthorized SSH access is a clear path to full system compromise.
Ubiquiti, the vendor, has rolled out patches to mitigate this risk. To secure their deployments, users of UniFi Play PowerAmp should update to version 1.0.38 or later. Similarly, UniFi Play Audio Port users need to update to version 1.1.9 or later. Proactive patching is the only way to shut down this attack vector and prevent potential network breaches.
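To apply these version bounds across a fleet, the following added example (not Ubiquiti's or the advisory's own code) triages a device inventory. The CSV layout, host names and status labels are assumptions, and the sample inventory is constructed. Builds between the last vulnerable and first fixed version are reported as unverified because the advisory does not describe them.

```python
import csv
import io

# Version bounds taken from the advisory text; everything else is illustrative.
BOUNDS = {
    "UniFi Play PowerAmp": {"last_vulnerable": (1, 0, 35), "first_fixed": (1, 0, 38)},
    "UniFi Play Audio Port": {"last_vulnerable": (1, 0, 24), "first_fixed": (1, 1, 9)},
}

def parse_version(text):
    """Turn '1.0.35' into (1, 0, 35) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, firmware):
    """Return 'vulnerable', 'patched', 'unverified' or 'not-listed'."""
    bounds = BOUNDS.get(product)
    if bounds is None:
        return "not-listed"          # product is not named in the advisory
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unverified"          # blank or non-numeric version string
    if version <= bounds["last_vulnerable"]:
        return "vulnerable"
    if version >= bounds["first_fixed"]:
        return "patched"
    return "unverified"              # between the bounds: check with the vendor

def triage(inventory_csv):
    """Classify every row of a host,product,firmware CSV (assumed layout)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["firmware"], classify(r["product"], r["firmware"]))
            for r in rows]

# Constructed sample inventory; hosts and versions are made up for the example.
SAMPLE_INVENTORY = """host,product,firmware
amp-lobby,UniFi Play PowerAmp,1.0.35
amp-cafe,UniFi Play PowerAmp,1.0.9
amp-hall,UniFi Play PowerAmp,1.0.38
amp-lab,UniFi Play PowerAmp,1.0.37
port-bar,UniFi Play Audio Port,1.0.24
port-gym,UniFi Play Audio Port,1.1.9
port-spa,UniFi Play Audio Port,1.1.10
"""

if __name__ == "__main__":
    for host, firmware, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {firmware:8} {status}")
```

Note that a plain string comparison would rank 1.0.9 above 1.0.35 and 1.1.10 below 1.1.9, which is why the versions are parsed into integer tuples first.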
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-22564 | Auth Bypass | UniFi Play PowerAmp version 1.0.35 and earlier |
| CVE-2026-22564 | Auth Bypass | UniFi Play Audio Port version 1.0.24 and earlier |
| CVE-2026-22564 | Improper Access Control | Ability to enable SSH to make unauthorized system changes on UniFi Play network devices |