What is the CVSS score of CVE-2026-7414?

CVE-2026-7414 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Yarbo firmware are affected by CVE-2026-7414?

Yarbo firmware v2.3.9 contains hardcoded administrative credentials accessible to any remote attacker without authentication, granting complete device compromise across all deployed units.

Yarbo firmware CVE-2026-7414

EUVD-2026-28399 CRITICAL

Use of Hard-coded Credentials (CWE-798)

2026-05-07 AHA

GHSA-vw42-99fw-3p5g

Authentication Bypass

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 07, 2026 - 17:30 vuln.today

CVE Published

May 07, 2026 - 16:10 nvd

CRITICAL 9.8

DescriptionNVD

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

AnalysisAI

Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device administrative access across all deployed units. The CVSS 9.8 critical score reflects the complete lack of authentication barriers (AV:N/AC:L/PR:N), with identical credentials embedded in every device that cannot be changed by end users. …

RemediationAI

Within 24 hours: Inventory all Yarbo devices running firmware v2.3.9 and isolate them from production networks if operationally feasible; contact Yarbo vendor for patch timeline and interim guidance. Within 7 days: Implement network segmentation to restrict Yarbo device management access to secured administrative networks only; deploy network-based monitoring for unauthorized administrative logins to affected devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7414 vulnerability details – vuln.today

Back

Yarbo firmware CVE-2026-7414

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code