CVE-2026-13489 | 78 xiaozhi-esp32 up to 2.2.6 MCP Response main/mcp_server.cc ParseMessage improper synchronization (Issue 2020)

Inserito da Angelo Barbosa | Giu 27, 2026 | CVE

A vulnerability classified as critical has been found in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization.

This vulnerability is registered as CVE-2026-13489. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The pull request to fix this issue awaits acceptance.

CVE-2026-13489 | 78 xiaozhi-esp32 up to 2.2.6 MCP Response main/mcp_server.cc ParseMessage improper synchronization (Issue 2020)

Post correlati

CVE-2026-31915 | UX-themes Flatsome Plugin up to 3.19.6 on WordPress authorization

CVE-2026-5836 | code-projects Online Shoe Store 1.0 /admin/admin_product.php product_name cross site scripting

CVE-2026-2852 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Sales Endpoint SalesController.java addSales/updateSales/deleteSales access control (Issue 63)

CVE-2024-2497 | RaspAP raspap-webgui 3.0.9 HTTP POST Request includes/provider.php country code injection