What happened
The 78/xiaozhi-esp32 project, up to and including version 2.2.6, contains an improper synchronization vulnerability (CWE-662) in the ParseMessage function of main/mcp_server.cc, the MCP Response Handler component. The resulting race condition is remotely exploitable and can cause a denial of service. The CVSS 3.1 base score is 3.1 (Low). Beyond network reachability, no authentication requirement is noted.
Why it matters
xiaozhi-esp32 is an open-source AI voice assistant framework running on ESP32 microcontrollers with MCP server integration, enabling LLM-driven IoT/edge AI applications. While an individual device has a limited blast radius, a DoS against a fleet of AI-connected edge devices could disrupt voice-assistant or home-automation deployments. The MCP component is the surface through which LLM-side integrations reach the device, so it is by design exposed to remote input.
Attack vector
A remote attacker sends malformed or race-triggering MCP messages to the ParseMessage handler; the unsynchronized access to handler state leaves the device in an inconsistent state, crashed or hung, i.e. a denial of service.
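As an added illustration of the bug class (improper synchronization, CWE-662) in a message handler, not code from xiaozhi-esp32 or its authors: a hypothetical MCP-style handler whose ParseMessage performs an unsynchronized check-then-act on shared request state, beside the same handler guarded by a mutex. The message shape, the class names, the kMaxInflight bound and the hammer() driver are all assumptions made for this example; std::thread and std::mutex stand in for the FreeRTOS tasks and mutexes an ESP32 build would use.

```cpp
// Added example, not xiaozhi-esp32 code: a hypothetical MCP-style message
// handler showing CWE-662 (unsynchronized access to handler state from two
// tasks) beside the same handler under a mutex. Message shape, class names
// and kMaxInflight are invented; std::thread/std::mutex stand in for the
// FreeRTOS tasks and mutexes an ESP32 build would use.
#include <cstddef>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Hypothetical message shape: {"id":<number>,"method":"<name>"}.
// Returns the id, or -1 if "id" is missing or not a number.
static long parseId(const std::string& msg) {
    const std::string key = "\"id\":";
    size_t pos = msg.find(key);
    if (pos == std::string::npos) return -1;
    pos += key.size();
    size_t end = pos;
    while (end < msg.size() && msg[end] >= '0' && msg[end] <= '9') ++end;
    if (end == pos) return -1;
    return std::stol(msg.substr(pos, end - pos));
}

static const size_t kMaxInflight = 1024;  // invented cap on pending requests

// Vulnerable pattern: the receive task and the reply task both touch inflight_
// with no lock. The size check and the push_back are not atomic, and push_back
// may reallocate the buffer while the other task iterates it; on a
// microcontroller that usually ends in a fault and a reboot, i.e. DoS.
class UnsafeHandler {
public:
    bool ParseMessage(const std::string& msg) {
        long id = parseId(msg);
        if (id < 0) return false;
        if (inflight_.size() >= kMaxInflight) return false;  // check
        inflight_.push_back(id);                             // act
        return true;
    }
    bool Complete(long id) {
        for (size_t i = 0; i < inflight_.size(); ++i)
            if (inflight_[i] == id) { inflight_.erase(inflight_.begin() + i); return true; }
        return false;
    }
    size_t Pending() const { return inflight_.size(); }
private:
    std::vector<long> inflight_;
};

// Hardened: parsing (no shared state) stays outside the lock; every read or
// write of inflight_ happens under one mutex, so check-then-act is atomic
// with respect to the other task.
class SafeHandler {
public:
    bool ParseMessage(const std::string& msg) {
        long id = parseId(msg);
        if (id < 0) return false;
        std::lock_guard<std::mutex> lock(mu_);
        if (inflight_.size() >= kMaxInflight) return false;
        inflight_.push_back(id);
        return true;
    }
    bool Complete(long id) {
        std::lock_guard<std::mutex> lock(mu_);
        for (size_t i = 0; i < inflight_.size(); ++i)
            if (inflight_[i] == id) { inflight_.erase(inflight_.begin() + i); return true; }
        return false;
    }
    size_t Pending() {
        std::lock_guard<std::mutex> lock(mu_);
        return inflight_.size();
    }
private:
    std::mutex mu_;
    std::vector<long> inflight_;
};

// Drive a handler from several threads: each submits perThread messages and
// completes each one. Returns requests still pending; 0 means bookkeeping held.
template <typename H>
static size_t hammer(H& h, int threads, int perThread) {
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&h, t, perThread] {
            for (int i = 0; i < perThread; ++i) {
                long id = static_cast<long>(t) * perThread + i;
                h.ParseMessage("{\"id\":" + std::to_string(id) + ",\"method\":\"tools/list\"}");
                h.Complete(id);
            }
        });
    for (auto& th : pool) th.join();
    return h.Pending();
}

// Concurrent use of the hardened handler; expected result is 0 pending.
// Calling hammer() on UnsafeHandler instead is the bug: a data race that
// corrupts the vector or crashes.
size_t hammerSafe(int threads, int perThread) {
    SafeHandler h;
    return hammer(h, threads, perThread);
}

// The unsafe handler only behaves when a single task drives it.
bool unsafeSingleTask() {
    UnsafeHandler h;
    return h.ParseMessage("{\"id\":7,\"method\":\"tools/list\"}") && h.Pending() == 1
        && h.Complete(7) && h.Pending() == 0;
}
```

The point of the two classes is where the lock boundary sits: parsing the untrusted bytes needs no lock because it touches no shared state, but the size check and the insertion must be one critical section, otherwise two tasks can both pass the check and race on the container. On an ESP32 the same structure applies with xSemaphoreTake/xSemaphoreGive around the shared state.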
Affected systems
78/xiaozhi-esp32 ≤ 2.2.6
Mitigation
Update xiaozhi-esp32 to a release later than 2.2.6 once a patched release is published. Until then, since only network reachability is needed to trigger the issue, limit which hosts can reach the device's MCP endpoint, for example by keeping devices on a segmented network. Repository: https://github.com/78/xiaozhi-esp32