CVE-2026-7415: Yarbo Robot Firmware Exposes Sensitive Data via Anonymous MQTT
The National Vulnerability Database has detailed a critical vulnerability (CVE-2026-7415) in the embedded MQTT broker within Yarbo firmware version 2.3.9. This flaw permits anonymous connections without any topic-level access controls. Consequently, any device on the same network can subscribe to sensitive telemetry data or send control commands directly to the robot, bypassing all authentication and authorization mechanisms. This represents a severe security oversight, potentially allowing unauthorized actors to monitor robot operations or maliciously control its functions.
With a CVSS score of 9.8 (CRITICAL), this vulnerability (CWE-306) poses a significant risk to users of affected Yarbo robots. The lack of authentication on the MQTT broker means that attackers on the local network can exploit this with ease. Defenders must prioritize patching or isolating affected devices to prevent potential data exfiltration or unauthorized remote control. The direct impact on sensitive telemetry and control functions necessitates immediate attention from security teams managing these robotic systems.
What This Means For You
- If your organization deploys Yarbo robots with firmware v2.3.9, immediately audit network access to these devices. Ensure the MQTT broker is secured, preferably by disabling anonymous access or implementing strict network segmentation to isolate the robot from other network segments. Verify that no unauthorized hosts can communicate with the robot's MQTT interface.
🛡️ Detection Rules
CVE-2026-7415: Yarbo Robot Anonymous MQTT Connection
```yaml
title: 'CVE-2026-7415: Yarbo Robot Anonymous MQTT Connection'
id: scw-2026-05-07-ai-1
status: experimental
level: critical
description: |
  Detects anonymous connections to the MQTT broker (port 1883) from internal network ranges, indicative of CVE-2026-7415 where Yarbo firmware allows unauthenticated access to its MQTT broker. This allows attackers on the same network to interact with the robot.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7415/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: authentication
detection:
  # Fields inside one selection are ANDed; values in a list are ORed.
  selection:
    dst_port:
      - 1883
    # Prefix match, so '10.0.' cannot match inside an address such as 110.0.x.x.
    src_ip|startswith:
      - '192.168.'
      - '10.0.'
      - '172.16.'
  # The condition must name a selection, not the fields inside it.
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
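The rule above keys on destination port and source range; whether a session is actually anonymous is visible in the MQTT CONNECT packet itself, where the connect-flags byte says if a user name or password is present. The following is an added example, not code from the original page, NVD or Yarbo: it parses a CONNECT packet as laid out in the MQTT 3.1, 3.1.1 and 5.0 specifications and reports whether it carries credentials. The function names and the two sample packets are constructed for illustration.

```python
import struct

def _varint(buf, pos):
    """Decode an MQTT variable-length integer; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 21:
            raise ValueError("truncated or malformed length")
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return value, pos

def _field(buf, pos):
    """Read a 2-byte length-prefixed field; return (data, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated field")
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def inspect_connect(packet: bytes) -> dict:
    """Summarise one MQTT CONNECT packet (protocol 3.1, 3.1.1 or 5.0)."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    remaining, pos = _varint(packet, 1)
    body = packet[pos:pos + remaining]
    if len(body) < remaining:
        raise ValueError("truncated packet")
    proto, p = _field(body, 0)
    if proto not in (b"MQTT", b"MQIsdp") or p + 4 > len(body):
        raise ValueError("bad protocol header")
    level, flags = body[p], body[p + 1]
    p += 4  # skip level, connect flags and 2-byte keep-alive
    if level == 5:  # MQTT 5.0 puts a property block before the client ID
        plen, p = _varint(body, p)
        p += plen
    client_id, _ = _field(body, p)
    # Connect flags: bit 7 = user name present, bit 6 = password present
    return {"level": level, "client_id": client_id.decode("utf-8", "replace"),
            "anonymous": not flags & 0xC0}

# Constructed sample packets (not captured from a real device)
ANON = bytes.fromhex("101200044d51545404" "02" "003c" "0006746573742d31")
AUTH = bytes.fromhex("101b00044d51545404" "c2" "003c" "0006746573742d31"
                     "00036f7073" "00027077")
```

This only works on cleartext MQTT such as port 1883 traffic; a CONNECT that carries credentials still says nothing about whether the broker validates them.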
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7415 | Auth Bypass | Yarbo firmware v2.3.9 - MQTT broker anonymous connections |
| CVE-2026-7415 | Information Disclosure | Yarbo firmware v2.3.9 - MQTT broker sensitive telemetry topics accessible without authentication |
| CVE-2026-7415 | Command Injection | Yarbo firmware v2.3.9 - MQTT broker control messages publishable without authorization |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 20:15 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.