CVE-2026-10557 | Yarbo App/Cloud MQTT infrastructure prior 3.17.4 Subscription hard-coded credentials (icsa-26-162-01)

Inserito da Angelo Barbosa | Giu 12, 2026 | CVE

A vulnerability classified as critical has been found in Yarbo App and Cloud MQTT infrastructure. This vulnerability affects unknown code of the component Subscription Handler. Performing a manipulation results in hard-coded credentials.

This vulnerability was named CVE-2026-10557. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-10557 | Yarbo App/Cloud MQTT infrastructure prior 3.17.4 Subscription hard-coded credentials (icsa-26-162-01)

Post correlati

CVE-2025-2615 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Websocket Connection insertion of sensitive information into sent data (Patch 526360)

CVE-2026-46361 | thorsten phpMyFAQ up to 4.1.1 strip_tags result.question/result.answerPreview cross site scripting (GHSA-pqh6-8fxf-jx22)

CVE-2024-12834 | Delta Electronics DRASimuCAD STP File Parser type confusion (ZDI-24-1722)

CVE-2023-6152 | Grafana/Grafana Enterprise prior 9.5.16/10.0.11/10.1.7/10.2.4/10.3.3 Email authorization (GHSA-3hv4-r2fm-h27f)