CVE-2026-13489
Last modified
CVE-2026-13489 is a low-severity vulnerability rated 3.1/10 on the CVSS scale. A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| 78 | xiaozhi-esp32 | 2.2.0; 2.2.1; 2.2.2; 2.2.3; 2.2.4; 2.2.5; 2.2.6 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13489?
How severe is CVE-2026-13489?
How do I fix CVE-2026-13489?
Related CVEs from 2026
- CVE-2026-13483A flaw has been found in arc53 DocsGPT up to 0.18.0. The aff…3.1
- CVE-2026-13484A vulnerability has been found in MLflow up to 4666cffc7912e…8.8
- CVE-2026-13485A vulnerability was found in SourceCodester Class and Exam T…7.3
- CVE-2026-13486A vulnerability was determined in SourceCodester Class and E…7.3
- CVE-2026-13487A vulnerability was identified in SourceCodester Class and E…7.3
- CVE-2026-13488A security flaw has been discovered in SourceCodester Class …7.3
- CVE-2026-13490A security vulnerability has been detected in glpi-project g…6.3
- CVE-2026-13491A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6…3.7
- CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary …8.8
- CVE-2026-13493A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.2…3.1
- CVE-2026-13495A vulnerability has been found in itsourcecode Hospital Mana…4.7
- CVE-2026-13496A vulnerability was found in itsourcecode Hospital Managemen…6.3
Are you affected by CVE-2026-13489?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
