Millions of Shark Robot Vacuums Vulnerable to Critical Exploit
Millions of internet-connected Shark robot vacuums are potentially subject to a critical remote code execution (RCE) vulnerability that poses a severe security risk. This flaw could permit malicious actors to control the devices remotely, access onboard cameras, obtain detailed home layouts, and even pilfer stored Wi-Fi credentials. The problem was brought to light by an independent security researcher after a comprehensive 90-day reporting period, during which they explored the implications of this flaw.
The vulnerability is rooted in excessively permissive policies associated with AWS IoT Core MQTT, coupled with a command-execution feature embedded within the firmware of Shark vacuums. The researcher specifically tested this vulnerability on the Shark RV2320EDUS and AV1102ARUS models, discovering that it affects all internet-connected Shark robot vacuums that utilize the compromised configuration.
The attack process commences with physical access to a vulnerable device, enabling the extraction of the unique AWS certificate and private key coded into the firmware. These credentials grant unwarranted permissions on an AWS IoT MQTT broker, allowing a compromised device to subscribe to broad wildcard topics, which encompass numerous Shark devices located in the same region.
According to the findings reported by the researcher, obtaining a device certificate from one of the vulnerable RV2320EDUS vacuums enables the attacker to subscribe to the wildcard topic intended for Shark devices. This exposure includes telemetry data and command traffic associated with various connected vacuums. The researcher noted that knowing a target’s serial number would allow exploitation of the same certificate to dispatch messages to another device’s AWS IoT Shadow topic. Serial numbers can apparently be harvested directly from exposed MQTT traffic, significantly reducing barriers to targeting multiple systems.
The vulnerability’s most alarming facet involves an Exec_Command field supervised by the vacuum’s device-management daemon. Through reverse engineering, it was revealed that the daemon processes specially formatted MQTT messages and relays the included command strings to a shell-execution function. According to the researcher, an attacker who can craft a desired-state update sent to a target device’s MQTT Shadow topic could compel the vacuum to execute arbitrary commands with elevated privileges.
To affirm the cross-device implications of the vulnerability, the researcher effectively employed credentials from one vacuum to launch a payload on a different AV1102ARUS unit purchased separately. This successful test clearly established that the vulnerability is not confined to a single unit or specific serial number. While the proof of concept was exclusively executed on devices belonging to the researcher, it could theoretically be exploited against any exposed devices communicating within the compromised broker region.
The privacy and security ramifications extend far beyond unauthorized cleaning instructions. Many Shark robot vacuum models are equipped with cameras for navigation and obstacle detection. In the wrong hands, a compromised device could enable access to live camera feeds and grant control over its motors, thereby presenting severe risks to user privacy. Furthermore, an analysis of the firmware uncovered locally stored household mapping data and plaintext Wi-Fi pre-shared keys, which could offer attackers a gateway from the vacuum into a victim’s larger home network.
During an extensive 24-hour observation window, over 10.5 million MQTT messages were processed, revealing approximately 1.52 million unique devices in a single AWS region. Notably, around 673,816 devices—amounting to roughly 44%—sent an Exec_Response message, indicating their support for the command execution capability. The actual count of susceptible devices may differ, as not all affected models communicated during this monitoring interval.
The timeline concerning the disclosure indicates that SharkNinja was first contacted on March 11, 2026, when technical details were shared. After repeated follow-ups from the researcher, the issue was publicly disclosed on July 13. By this time, no corrective patch or confirmed remediation date had been presented. While SharkNinja reportedly acknowledged that the matter was under review, questions regarding the appropriateness of assigning a CVE remained.
In light of the vulnerability, the researcher urges SharkNinja to promptly restrict AWS IoT policies so that device certificates can only access their respective MQTT topics. They additionally recommend revoking or re-provisioning affected certificates and either removing or tightly validating the remote command execution functionality.
Until a permanent solution is instituted, affected users are advised to keep their vacuum firmware updated, isolate Internet of Things (IoT) devices on a separate network whenever feasible, and maintain vigilant monitoring of SharkNinja’s security advisories for forthcoming remediation instructions.
