CVE-2026-7413— Persistent undocumented backdoor access in Yarbo robot
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7413
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Persistent undocumented backdoor access in Yarbo robot
Source: NVD (National Vulnerability Database)
Vulnerability Description
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
隐藏功能
Source: NVD (National Vulnerability Database)
Vulnerability Title
Yarbo 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Yarbo是美国Yarbo公司的一款模块化智能庭院维护机器人。 Yarbo 2.3.9版本存在安全漏洞,该漏洞源于隐藏的持久后门,可能导致远程未经身份验证或弱身份验证访问特权功能。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-7413
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 9147 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-7413
请登录查看更多情报信息。
- CVE-2026-7413 :: AHA!third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-7413
Same Patch Batch · Yarbo · 2026-05-07 · 3 CVEs total
| CVE-2026-7414 | 9.8 CRITICAL | Hardcoded credentials in Yarbo robot firmware |
| CVE-2026-7415 | 9.8 CRITICAL | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware |
IV. Related Vulnerabilities
Same product: Firmware
- CVE-2026-7415
Open MQTT orchestration without read/write ACLs in Yarbo rob - CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2025-55292
In Meshtastic, an attacker can spoof licensed amateur flag f - CVE-2025-53627
Meshtastic firmware allows forged DMs with no PKC to show up - CVE-2025-55293
Meshtastic allows crafting of specific NodeInfo packets that
Same weakness: CWE-912
- CVE-2026-41446
WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpo - CVE-2026-1952
Denial of service via the undocumented subfunction in AS320T - CVE-2026-4621
NEC Platforms Aterm Series 安全漏洞 - CVE-2026-33280
BUFFALO Wi-Fi router 安全漏洞 - CVE-2026-31847
Hidden Functionality Enables Remote Telnet Activation via /g
V. Comments for CVE-2026-7413
No comments yet