Cyber Posture

CVE-2026-7413

High

Published: 07 May 2026

Published
07 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7413 is a high-severity Hidden Functionality (CWE-912) vulnerability in Takeonme (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other AI Platforms.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CM-8 System Component Inventory
addresses: CWE-912

Documenting every system component at the required granularity and reviewing the inventory detects or prevents hidden functionality from remaining undetected.

CP-10 System Recovery and Reconstitution
addresses: CWE-912

Recovery eliminates hidden functionality or backdoors introduced during compromise.

PM-30 Supply Chain Risk Management Strategy
addresses: CWE-912

Policy requires supplier transparency and testing to detect hidden functionality or backdoors inserted in the supply chain.

PS-2 Position Risk Designation
addresses: CWE-912

Screening high-risk technical positions lowers the probability that hidden functionality or backdoors will be added by authorized personnel.

RA-10 Threat Hunting
addresses: CWE-912

Hunting identifies hidden functionality used for persistence or evasion after initial compromise.

RA-6 Technical Surveillance Countermeasures Survey
addresses: CWE-912

TSCM surveys discover and eliminate hidden surveillance functionality that would otherwise remain undetected in the environment.

SA-10 Developer Configuration Management
addresses: CWE-912

Change control, approval gates, and flaw tracking force hidden functionality to be either documented or discovered and removed.

SA-12 Supply Chain Protection
addresses: CWE-912

Vetting and integrity controls during acquisition reduce the likelihood of hidden backdoors or malicious functionality introduced by suppliers.

NVD Description

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-912

Affected Products

Takeonme
inferred from references and description; NVD did not file a CPE for this CVE

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: backdoor, backdoor

CVEs Like This One

CVE-2026-30704Shared CWE-912
CVE-2026-1952Shared CWE-912
CVE-2025-0626Shared CWE-912
CVE-2026-3587Shared CWE-912
CVE-2026-33280Shared CWE-912
CVE-2025-48418Shared CWE-912
CVE-2025-0675Shared CWE-912
CVE-2010-20103Shared CWE-912
CVE-2024-39754Shared CWE-912
CVE-2026-34769Shared CWE-912

References