CVE-2026-13489 | 78 xiaozhi-esp32 up to 2.2.6 MCP Response main/mcp_server.cc ParseMessage improper synchronization (Issue 2020)

SecurityVulns

A vulnerability classified as critical has been found in 78 xiaozhi-esp32 up to 2.2.6. The issue affects the function ParseMessage in the file main/mcp_server.cc of the component MCP Response Handler. Manipulating it leads to improper synchronization.

This vulnerability is registered as CVE-2026-13489. The attack can be carried out remotely. Furthermore, an exploit is available.

The pull request to fix this issue awaits acceptance.

VulDB Recent Entries