{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-22563/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-22563"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","unifi","cve-2026-22563"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-22563 describes a critical command injection vulnerability affecting UniFi Play PowerAmp (version 1.0.35 and earlier) and UniFi Play Audio Port (version 1.0.24 and earlier). The vulnerability stems from improper input validation, which allows an attacker with access to the UniFi Play network to inject arbitrary commands. Successful exploitation could lead to unauthorized access, system compromise, and potentially full control of the affected devices. This vulnerability was reported to HackerOne and assigned a CVSS v3.1 score of 9.8, indicating its severity. It is crucial for organizations using these UniFi Play devices to apply the recommended updates to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to the UniFi Play network (e.g., through compromised credentials or network vulnerabilities).\u003c/li\u003e\n\u003cli\u003eAttacker identifies a vulnerable UniFi Play PowerAmp or Audio Port device running an affected software version (1.0.35 or earlier for PowerAmp, 1.0.24 or earlier for Audio Port).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious payload containing an injected command.\u003c/li\u003e\n\u003cli\u003eAttacker sends the malicious payload to the vulnerable device through a network request, exploiting the improper input validation vulnerability (CVE-2026-22563).\u003c/li\u003e\n\u003cli\u003eThe vulnerable device fails to properly sanitize the input, allowing the injected command to be executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the UniFi Play application, potentially allowing the attacker to perform actions such as reading sensitive data, modifying system configurations, or installing malicious software.\u003c/li\u003e\n\u003cli\u003eAttacker establishes a reverse shell to maintain persistent access to the compromised device.\u003c/li\u003e\n\u003cli\u003eAttacker pivots to other devices in the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-22563 can lead to full system compromise of UniFi Play PowerAmp and Audio Port devices. An attacker could gain unauthorized access to sensitive data, disrupt audio services, or use the compromised devices as a foothold to pivot to other systems on the network. Given the high CVSS score of 9.8, the impact is considered critical. The specific number of affected devices and sectors remains unknown, but organizations utilizing UniFi Play devices are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later to patch CVE-2026-22563.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity originating from UniFi Play devices.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a compromised device.\u003c/li\u003e\n\u003cli\u003eReview and enforce strong password policies to prevent unauthorized network access.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule for command injection attempts targeting UniFi Play devices (see below) to detect exploitation attempts in your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-13T22:16:28Z","date_published":"2026-04-13T22:16:28Z","id":"/briefs/2026-04-unifi-command-injection/","summary":"A malicious actor with access to the UniFi Play network can exploit improper input validation vulnerabilities (CVE-2026-22563) in UniFi Play PowerAmp and Audio Port to inject commands, potentially leading to arbitrary code execution.","title":"UniFi Play Command Injection Vulnerability (CVE-2026-22563)","url":"https://feed.craftedsignal.io/briefs/2026-04-unifi-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-22563","version":"https://jsonfeed.org/version/1.1"}