Description

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.
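The weakness described above is a broker configuration issue, so the weak setting beside a hardened one is the most useful illustration. This is an added example and not the advisory's, the researcher's or the vendor's material; the advisory does not name the broker implementation, so the Mosquitto configuration syntax, the file paths, the user names and the topic names below are all assumptions.

```conf
# --- mosquitto.conf (weak; matches the advisory's description) ---
# Any host on the network may connect with no credentials, and with no
# acl_file loaded every client may read and write every topic.
listener 1883
allow_anonymous true

# --- mosquitto.conf (hardened; assumed Mosquitto syntax) ---
# Clients must present a username/password, and every topic access is
# checked against the ACL file below. The password file is created with
# mosquitto_passwd; paths are placeholders.
listener 1883
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl

# --- /etc/mosquitto/acl (assumed topic layout; placeholder names) ---
# No general rules appear before the first "user" line, so any identity
# not listed here gets no access at all.

# The controller app may send commands and read telemetry, nothing else.
user controller
topic write robot/+/cmd/#
topic read robot/+/telemetry/#

# The robot itself may publish telemetry and receive commands only.
user robot
topic write robot/+/telemetry/#
topic read robot/+/cmd/#
```

With the hardened form, an unauthenticated host is refused at connect time, and even an authenticated telemetry reader is denied a publish to the command topics, which is the authorization gap the advisory points out.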

PUBLISHED | Reserved 2026-04-29 | Published 2026-05-07 | Updated 2026-05-07 | Assigner AHA

CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status: unaffected

Any version: affected

Credits

Andreas Makris (aka Bin4ry), finder

todb of AHA!, coordinator

References

github.com/Bin4ry/yarbo-nat-in-my-back-yard exploit

github.com/Bin4ry/yarbo-nat-in-my-back-yard third-party-advisory

takeonme.org/...00000000000000000000000000000000000000001001 third-party-advisory

cve.org (CVE-2026-7415)

nvd.nist.gov (CVE-2026-7415)