PT-2026-38460 · Yarbo · Yarbo

Andreas Makris +1 · Published 2026-05-07 · Updated 2026-05-14 · CVE-2026-7415

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Yarbo firmware version 2.3.9

Description

The embedded MQTT broker is configured to permit anonymous connections and lacks topic-level read or write Access Control Lists (ACLs). This allows any host on the same network to subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
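
The two gaps named in the Description (anonymous connections and no topic ACLs) can be checked for in a broker configuration. The script below is an added example, not code from the advisory or from Yarbo. It assumes a Mosquitto-style configuration file, which the advisory does not confirm, and both sample configurations and their file paths are constructed.

```python
# Added example: audits a Mosquitto-style broker configuration (an assumption;
# the advisory does not name the embedded broker or show its configuration).

WEAK = """\
# constructed sample: the state the advisory describes
listener 1883
allow_anonymous true
"""

HARDENED = """\
# constructed sample: authentication plus per-topic ACLs
listener 8883
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""

def parse(text):
    """Collect 'key value' directives, skipping blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            settings.setdefault(key, []).append(value.strip())
    return settings

def audit_broker_config(text):
    """Return findings for anonymous access, missing credentials and missing ACLs."""
    s = parse(text)
    findings = []
    anon = s.get("allow_anonymous")
    if anon is None:
        findings.append("allow_anonymous unset: default depends on broker version")
    elif anon[-1].lower() == "true":
        findings.append("anonymous connections permitted")
    # Only file-based authentication and ACLs are checked here, not plugins.
    if "password_file" not in s:
        findings.append("no password_file: clients cannot be authenticated by password")
    if "acl_file" not in s:
        findings.append("no acl_file: any client may read or write every topic")
    # "listener <port> [bind address]": no address means all interfaces.
    for entry in s.get("listener", []):
        parts = entry.split()
        if findings and len(parts) == 1:
            findings.append(f"port {parts[0]} listens on all interfaces with the gaps above")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_broker_config(cfg) or "no findings")
```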

Exploit

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-7415

Affected Products

Yarbo