CVE-2026-26478 | THREATINT

Description

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account.

PUBLISHED Reserved 2026-02-16 | Published 2026-03-04 | Updated 2026-03-04 | Assigner mitre

References

github.com/pastcompute/tichome-poc-1

web.archive.org/web/20171202094530/

cve.org (CVE-2026-26478)

nvd.nist.gov (CVE-2026-26478)

Download JSON