Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-7413: Yarbo Firmware v2.3.9 Has Hidden Backdoor Allowing Remote Access
CVE-2026-7413
Summary
A hidden backdoor was discovered in Yarbo firmware version 2.3.9, allowing unauthorized access to sensitive features. This poses a risk to security and data integrity. Update to a fixed version of the firmware to resolve the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| yarbo | lawn_mower_firmware |
2.3.9 cpe:2.3:o:yarbo:lawn_mower_firmware:2.3.9:*:*:*:*:*:*:* |
| yarbo | lawn_mower_pro_firmware |
2.3.9 cpe:2.3:o:yarbo:lawn_mower_pro_firmware:2.3.9:*:*:*:*:*:*:* |
Original title
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, ca...
Original description
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
nvd CVSS3.1
7.2
Vulnerability type
CWE-912
Published: 7 May 2026 · Updated: 23 May 2026 · First seen: 7 May 2026