LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-26478

CVE-2026-26478 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 5, 2026

Mobvoi Tichome Mini - Command Injection

Published: March 4, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 contains a command injection caused by processing of specially crafted UDP datagrams, letting remote attackers execute arbitrary shell code as root, exploit requires network access.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 121.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary shell commands as root, leading to full system compromise.

Mitigation

Update to the latest version or apply vendor patches addressing this vulnerability.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 9, 2026

📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1428 Severity: - Critical: 187 - High: 549 - Medium: 456 - Low: 43 - None: 193 Status: - : 38 - Analyzed: 324 - Awaiting Analysis: 475 - Modified: 83 - Received: 445 - Rejected: 7 - Undergoing Analysis: 56 Top CNAs: - GitHub, Inc.: 283 - Patchstack: 271 - MITRE: 128 - VulnCheck: 107 - VulDB: 85 - Wordfence: 74 - Android (associated with Google Inc. or Open Handset Alliance): 57 - Cisco Systems, Inc.: 50 - N/A: 38 - Acronis International GmbH: 23 Top Affected Products: - UNKNOWN: 1003 - Google Android: 74 - Chamilo Lms: 25 - Dlink Dir-513 Firmware: 20 - Huawei Harmonyos: 18 - Qualcomm Qca6595au Firmware: 14 - Qualcomm Wcd9380 Firmware: 14 - Qualcomm Wcd9385 Firmware: 14 - Qualcomm Wsa8830 Firmware: 14 - Qualcomm Wsa8815 Firmware: 14 Top EPSS Score: - CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256) - CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105) - CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070) - CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478) - CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101) - CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107) - CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227) - CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886) - CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675) - CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)

View original post

Related Resources

Details

CVE ID
CVE-2026-26478
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
confirmed
EPSS
121.6%
Social Posts
1

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

121.6%Probability of exploitation in the next 30 days