Ubiquiti has issued an urgent security advisory for its UniFi Play audio lineup, addressing a suite of vulnerabilities that could allow attackers to seize total control of network-connected amplifiers and audio ports. The vulnerabilities, uncovered by security researcher Bongeun Koo (@kiddo_pwn), include several flaws with a “Critical” CVSS score of 9.8, signaling a significant risk to any environment where these devices are deployed.
Whether you are managing a high-end commercial sound system or a smart home setup, these updates are non-negotiable for maintaining network integrity.
The most severe vulnerabilities in this batch strike at the core of the device’s firmware, allowing for Remote Code Execution (RCE).
- Path Traversal (CVE-2026-22562): A malicious actor with access to the UniFi Play network can exploit a path traversal flaw in the device firmware. This allows them to write arbitrary files to the system, which can be leveraged to achieve Remote Code Execution (RCE).
- Command Injection (CVE-2026-22563): A series of improper input validation vulnerabilities could allow a malicious actor to perform a Command Injection attack.
- Critical Vulnerability (CVE-2026-22564): While specific details on the mechanism are sparse in the summary, this flaw is also rated as Critical (9.8), indicating it poses an equivalent risk of total compromise.
Beyond the high-impact RCE flaws, the advisory details further vulnerabilities that can disrupt operations or allow for unauthorized interactions within the UniFi Play network.
- Service Interruption (CVE-2026-22565): An improper input validation vulnerability (rated High – 7.5) could allow an attacker with network access to cause the device to stop responding entirely, effectively disabling the audio infrastructure.
- Access Control Gaps (CVE-2026-22566, CVSS 7.5): The advisory also notes an Improper Access Control vulnerability, which could allow unauthorized actors to interact with device settings or functionality if they have gained a foothold on the local network.
These vulnerabilities affect the core of the UniFi Play audio ecosystem.
| Affected Product | Vulnerable Versions | Required Update |
| --- | --- | --- |
| UniFi Play PowerAmp | Version 1.0.35 and earlier | Version 1.0.38 or later |
| UniFi Play Audio Port | Version 1.0.24 and earlier | Version 1.1.9 or later |
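To check a fleet against the table above, the following Python sketch is an added example, not code from Ubiquiti's advisory or the original article. The inventory format, host names and status labels are assumptions; versions that fall between the last listed vulnerable release and the first fixed release are reported as unconfirmed because the table does not classify them.

```python
import re

# Thresholds copied from the advisory table above.
ADVISORY = {
    "UniFi Play PowerAmp":   {"vulnerable_max": (1, 0, 35), "fixed_min": (1, 0, 38)},
    "UniFi Play Audio Port": {"vulnerable_max": (1, 0, 24), "fixed_min": (1, 1, 9)},
}

def parse_version(text):
    """Turn '1.0.35' (or 'v1.0.35') into (1, 0, 35) so comparison is numeric,
    not lexical: as strings, '1.0.9' would sort after '1.0.35'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(product, version):
    """Return vulnerable / patched / unconfirmed / not-listed / unparseable."""
    bounds = ADVISORY.get(product)
    if bounds is None:
        return "not-listed"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    if v <= bounds["vulnerable_max"]:
        return "vulnerable"
    if v >= bounds["fixed_min"]:
        return "patched"
    return "unconfirmed"  # between the two bounds: the table does not say

def audit(inventory_csv):
    """Classify each 'host, product, version' line (assumed inventory format)."""
    findings = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = [field.strip() for field in line.split(",")]
        findings.append((host, product, version, classify(product, version)))
    return findings

# Constructed sample inventory; host names are hypothetical.
SAMPLE = """
amp-lobby,  UniFi Play PowerAmp,   1.0.35
amp-roof,   UniFi Play PowerAmp,   1.0.9
amp-bar,    UniFi Play PowerAmp,   1.0.38
port-conf1, UniFi Play Audio Port, 1.0.24
port-conf2, UniFi Play Audio Port, 1.1.9
port-conf3, UniFi Play Audio Port, 1.0.30
"""

if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE):
        print(f"{host:<11} {product:<22} {version:<8} {status}")
```

Treat anything reported as vulnerable or unconfirmed as needing the update listed in the table.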
In the era of IoT-driven infrastructure, even your amplifiers are part of the attack surface. Secure the sound before someone else takes the stage.