EUVD-2026-39989

🗓️ 28 Jun 2026 10:45:08Reported by EUVDType

Vulnerability in xiaozhi module up to 2.2.6 allows exploitation via ParseMessage causing desync.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-13489	28 Jun 202610:45	–	attackerkb
CVE	CVE-2026-13489	28 Jun 202610:45	–	cve
Cvelist	CVE-2026-13489 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization	28 Jun 202610:45	–	cvelist
NVD	CVE-2026-13489	28 Jun 202612:17	–	nvd
Positive Technologies	PT-2026-53102	28 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "88a49d77-f3bd-33b0-805b-a04441228d7c",
        "vendor": {
          "name": "78"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3873216e-9158-3590-9bfc-32685bfb424d",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.3"
      },
      {
        "id": "3a74abb1-a34e-3fc5-969d-53883becea76",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.1"
      },
      {
        "id": "6bbd1d63-60ac-32ed-86a9-d639be6be57c",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.4"
      },
      {
        "id": "7cde8931-7054-3de0-bf58-8e2f54566550",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.2"
      },
      {
        "id": "8e80bc7f-75f0-3f2e-b7d0-390833d23886",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.0"
      },
      {
        "id": "af199b84-2526-3184-b0f9-8c8fa0de2286",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.5"
      },
      {
        "id": "fe36ecfb-f697-3464-9fe5-b9ee248189f3",
        "product": {
          "name": "xiaozhi-esp32",
          "vendor": {
            "name": "78"
          }
        },
        "product_version": "2.2.6"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/374486
vuldb	www.vuldb.com/vuln/374486/cti
vuldb	www.vuldb.com/cve/CVE-2026-13489
vuldb	www.vuldb.com/submit/838198
github	www.github.com/78/xiaozhi-esp32/issues/2020
github	www.github.com/78/xiaozhi-esp32/pull/2021
github	www.github.com/78/xiaozhi-esp32/

28 Jun 2026 10:45Current

5.1Medium risk

Vulners AI Score5.1

CVSS 42.3

CVSS 22.1

CVSS 3.13.1

CVSS 33.1