CVE-2026-13489
LOWDescription
A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-13489? +
How severe is CVE-2026-13489? +
How do I check if I'm vulnerable to CVE-2026-13489? +
Related Vulnerabilities
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there …
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the …
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper …
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows …
In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that …
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a …