CVE-2026-7413
HIGHDescription
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
Is your site exposed to CVE-2026-7413?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| yarbo | lawn_mower_firmware |
| yarbo | lawn_mower |
| yarbo | lawn_mower_pro_firmware |
| yarbo | lawn_mower_pro |
References
Frequently Asked Questions
What is CVE-2026-7413? +
How severe is CVE-2026-7413? +
What products are affected by CVE-2026-7413? +
How do I check if I'm vulnerable to CVE-2026-7413? +
Related Vulnerabilities
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized …
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, …
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located …
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not …
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 …
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets …