CVE-2026-22562

Ubiquiti · UniFi Play

A path traversal vulnerability in UniFi Play firmware allows remote code execution (RCE) by enabling attackers to write arbitrary files to the system.

Executive summary

Critical path traversal vulnerabilities in Ubiquiti UniFi Play firmware could allow unauthenticated remote attackers to achieve full system compromise via remote code execution.

Vulnerability

The flaw is a path traversal vulnerability residing in the device firmware, which allows attackers to write files to the underlying system. This capability facilitates remote code execution (RCE) by an attacker with access to the UniFi Play network.

Business impact

Successful exploitation poses a severe threat to organizational infrastructure, as it grants attackers the ability to execute arbitrary commands on affected devices. With a CVSS score of 9.8, this vulnerability represents a Critical risk that could lead to full system takeover, unauthorized access to network segments, and potential lateral movement within the environment.

Remediation

Immediate Action: Update UniFi Play PowerAmp firmware to version 1.0.38 or later, and UniFi Play Audio Port firmware to version 1.1.9 or later.

Proactive Monitoring: Review device access logs for unauthorized file write attempts or suspicious network traffic originating from the management interface.

Compensating Controls: Restrict network access to management interfaces and ensure that UniFi Play devices are isolated on a dedicated management VLAN to prevent unauthorized access.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the critical nature of this RCE vulnerability and the potential for complete device compromise, administrators must prioritize the immediate application of the provided firmware updates. Ensure all affected hardware is patched according to the vendor's guidance to eliminate the attack vector.