Description
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.
Published: 2026-05-07
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Yarbo robot firmware v2.3.9 embeds an MQTT broker that accepts anonymous connections and lacks topic-level read or write ACLs. An attacker on the same network can subscribe to sensitive telemetry topics, obtaining confidential data, and can publish control messages to manipulate the robot. This flaw enables full control over the device without authentication or authorization, raising confidentiality, integrity, and availability risks. The weakness is classified as CWE-306 (Missing Authentication for Critical Function).

Affected Systems

The affected product is Yarbo firmware version 2.3.9. No other versions or platform specifics are listed. Devices running this firmware that are reachable from a local network are vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. No EPSS score is available, so the current exploit probability is unknown, but the broker is exposed to every host on the same network, making it readily exploitable. The CVE is not listed in the CISA KEV catalog, yet the lack of authentication and ACLs makes compromise from the local network trivial. Attackers need only network connectivity to the MQTT broker, which is typically reachable only on the robot's local network.

Generated by OpenCVE AI on May 7, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Yarbo firmware to the latest version that includes MQTT authentication and ACLs
  • Apply network segmentation or firewall rules to limit access to the robot’s MQTT broker to trusted hosts only
  • Configure the MQTT broker to require client authentication and define topic‑level read/write ACLs to prevent unauthenticated access
  • Disable anonymous connections in the MQTT broker configuration
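As an added illustration of the last three actions (not Yarbo's or OpenCVE's configuration; the page does not say which broker the firmware embeds, so a Mosquitto-style mosquitto.conf, the file paths, user names and topic names are all assumptions), the weak setting beside a hardened one:

```conf
# ---- Weak (the state the advisory describes), shown commented out ----
# listener 1883
# allow_anonymous true
# (no password_file and no acl_file: every client may read and write every topic)

# ---- Hardened: assumed Mosquitto-style /etc/mosquitto/mosquitto.conf ----
listener 1883
allow_anonymous false                 # reject clients that present no credentials
password_file /etc/mosquitto/passwd   # assumed path; create with: mosquitto_passwd -c /etc/mosquitto/passwd robot
acl_file      /etc/mosquitto/acl      # assumed path; topic-level authorization, see below

# ---- Assumed /etc/mosquitto/acl ----
# With an acl_file present, any topic not explicitly granted to a user is denied.
# The robot only publishes telemetry and only consumes control messages.
user robot
topic write telemetry/#
topic read  control/#

# The controller application is granted the reverse, so a client holding
# the robot's credentials still cannot inject control messages.
user controller
topic read  telemetry/#
topic write control/#
```

After reloading the broker, an unauthenticated subscribe or publish attempt should be refused at connect time, and a `robot` client publishing to `control/#` should be silently dropped by the ACL rather than delivered.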

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:45:00 +0000 (values added; none removed)

  • First Time appeared: Yarbo; Yarbo firmware
  • Vendors & Products: Yarbo; Yarbo firmware

Thu, 07 May 2026 17:30:00 +0000 (values added; none removed)

  • Metrics, ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 17:00:00 +0000 (values added; none removed)

  • Description: The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.
  • Title: Open MQTT orchestration without read/write ACLs in Yarbo robot firmware
  • Weaknesses: CWE-306
  • References: (none listed)
  • Metrics, cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: AHA

Published:

Updated: 2026-05-07T17:04:31.177Z

Reserved: 2026-04-29T13:55:11.141Z

Link: CVE-2026-7415

Vulnrichment

Updated: 2026-05-07T17:03:31.152Z

NVD

Status : Awaiting Analysis

Published: 2026-05-07T17:15:59.570

Modified: 2026-05-07T18:46:25.867

Link: CVE-2026-7415

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T21:24:35Z

Weaknesses