MQTT Broker Vulnerability in Yarbo Firmware Exposes Users to Security Threats
CVE-2026-7415

9.8CRITICAL

Key Information:

Vendor: Yarbo
Status: Firmware
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-7415?

The MQTT broker integrated within the Yarbo firmware version 2.3.9 is set up to allow connections from anonymous users without any authentication. This configuration makes it possible for any device on the same network to access sensitive telemetry data or send control messages to the robot without oversight. As such, attackers can gain unauthorized control and manipulate operations, posing serious privacy and security risks to users.

Affected Version(s)

Firmware 0 <= 2.3.9

References

https://github.com/Bin4ry/yarbo-nat-in-my-back-yard

third-party-advisory

https://takeonme.org/gcves/GCVE-1337-2026-000000000000000...

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Andreas Makris (aka Bin4ry)

todb of AHA!

CVE-2026-7415 Data

JSON