ICSA-26-162-01 · Published 2026-06-11 · View on CISA ICS-CERT ↗

Yarbo Android/iOS Mobile Application and Cloud Infrastructure

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet.

CVEs (2)

CVE-2026-10557 CVE-2026-7368

Remediations

Yarbo recommends users update the Yarbo mobile app to 3.17.4 or later. Server-side broker authorization will be enforced automatically upon deployment of the May 2026 update. No user action is required.

Affected Vendors

Yarbo

Affected Products (2)

Yarbo · Yarbo Android/IOS mobile application <v3.17.4

Yarbo · Cloud MQTT infrastructure vers:all/*

Affected Sectors

Commercial Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more