Open MQTT orchestration without read/write ACLs in Yarbo robot firmware
Summary
| CVE | CVE-2026-7415 |
|---|---|
| State | PUBLISHED |
| Assigner | AHA |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-07 17:15:59 UTC |
| Updated | 2026-05-07 18:46:25 UTC |
| Description | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000350000 probability, percentile 0.102120000 (date 2026-05-08)
Problem Types: CWE-306 | CWE-306 CWE-306 Missing authentication for critical function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| takeonme.org/gcves/GCVE-1337-2026-0000000000000000000000000000000000000000... | [email protected] | takeonme.org | |
| github.com/Bin4ry/yarbo-nat-in-my-back-yard | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Andreas Makris (aka Bin4ry) (en)
CNA: todb of AHA! (en)
There are currently no legacy QID mappings associated with this CVE.