CVE-2026-7415
CVE-2026-7415: Open MQTT orchestration without read/write ACLs in Yarbo robot firmware v2.3.9
AHA! has discovered an issue affecting Yarbo robot firmware v2.3.9. This disclosure follows AHA!’s standard disclosure policy. Any questions about this disclosure should be directed to [email protected].
Affected products
- Yarbo robot firmware v2.3.9 (April, 2026)
Executive summary
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.
This vulnerability is estimated to have a CVSSv3.1 rating of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8, Critical), and the relevant SSVC vectors are Exploitation: PoC and Technical Impact: Total. This issue is an instance of CWE-306.
Vulnerability Details
The MQTT broker ships with anonymous=true and no ACL file configured, meaning any client can connect and freely publish or subscribe to any topic. Orchestration topics expose direct command channels (e.g., movement, configuration) alongside telemetry topics carrying sensor data, location, and operational logs. No further exploit is needed beyond network connectivity to read or inject messages.
Attacker Value
An attacker on the local network, or reaching the device through the NAT-punching proxy referenced in CVE-2026-7413, can use the open MQTT broker to passively enumerate active robots, read live telemetry, and identify specific devices to target. More critically, they can actively publish commands to control robot actuators or alter configurations, with no credentials required. When chained with CVE-2026-7413 and CVE-2026-7414, this open broker completes a fully unauthenticated attack path: MQTT reveals and enumerates devices, hardcoded credentials provide authenticated management access, and the persistent backdoor delivers a root shell — all without the attacker needing to perform any exploitation in the traditional sense.
Mitigation and remediation
- Vendor action required: disable anonymous MQTT access, require client authentication, and enforce topic-level ACLs that restrict publish and subscribe permissions to authorized clients only.
- Temporary mitigations: block MQTT ports (default 1883/8883) at network boundaries, place devices on isolated VLANs, and monitor for unexpected MQTT broker connections.
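As an added example (not part of the advisory or of Yarbo's firmware), a small Python audit that applies the vendor recommendations above to a Mosquitto-style broker configuration. The configuration syntax, the file paths, and the weak and hardened sample configs are assumptions constructed here for illustration.

```python
"""Audit a Mosquitto-style broker configuration for the conditions this
advisory describes: anonymous access enabled and no topic-level ACL file."""

# Constructed sample: the insecure shape this advisory describes.
WEAK_CONF = """\
listener 1883
allow_anonymous true
"""

# Constructed sample: anonymous access off, credentials and topic ACLs required.
HARDENED_CONF = """\
listener 8883
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""


def parse_conf(text):
    """Return {key: value} for 'key value' lines, skipping blanks and comments.

    Mosquitto allows per-listener repeats of some keys; for this audit a later
    value simply overrides an earlier one, which is enough to spot the findings.
    """
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    # Older Mosquitto releases defaulted allow_anonymous to true, so require an
    # explicit 'false' rather than trusting whatever the broker's default is.
    if conf.get("allow_anonymous", "").lower() != "false":
        findings.append("anonymous clients may connect (allow_anonymous is not false)")
    if "password_file" not in conf:
        findings.append("no password_file: no client authentication configured")
    if "acl_file" not in conf:
        findings.append("no acl_file: any client may publish/subscribe to any topic")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or ["ok"])
```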
Proof-of-concept
See Bin4ry’s original disclosure details at Yarbo - NAT in my Back Yard.
Timeline
- 2026-March: Initial analysis of the vendor-supplied Android APK
- 2026-April: Initial analysis of the vendor-supplied robot filesystem
- 2026-Apr-12 (Sun): Initial outreach to the vendor and AHA!
- 2026-Apr-29 (Wed): CVE-2026-7415 reserved
- 2026-Apr-30 (Thu): Demonstrated at AHA! meeting 0x00eb
- 2026-May-07 (Thu): Public disclosure of CVE-2026-7415
Credit
Reported by Andreas Makris (aka Bin4ry), demonstrated and disclosed through AHA!.
