CVE-2026-13491 | 78 xiaozhi-esp32 up to 2.2.6 MQTT Goodbye mqtt_protocol.cc Application::GetInstance session_id denial of service (Issue 2022)

Inserito da Angelo Barbosa | Giu 27, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service.

This vulnerability is reported as CVE-2026-13491. The attack is possible to be carried out remotely. Moreover, an exploit is present.

It is recommended to apply a patch to fix this issue.

CVE-2026-13491 | 78 xiaozhi-esp32 up to 2.2.6 MQTT Goodbye mqtt_protocol.cc Application::GetInstance session_id denial of service (Issue 2022)

Post correlati

CVE-2026-0598 | Red Hat Ansible Automation Platform 2 Ansible Lightspeed API Conversation Endpoint unverified ownership

CVE-2024-3640 | Rockwell Automation Factory Talk Remote Access up to 13.5.0.174 FTRA Installer Package unquoted search path (icsa-24-135-01)

CVE-2024-11685 | Kudos Donations Plugin up to 3.2.9 on WordPress add_query_arg cross site scripting

CVE-2024-47562 | Siemens SINEC Security Monitor prior 4.9.0 command injection (ssa-430425)