A vulnerability, which was classified as problematic , has been found in 78 xiaozhi-esp32 up to 2.2.6 . This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler . Performing a manipulation of the argument session_id results in denial of service. This vulnerability is reported as CVE-2026-13491 . The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to apply a