


Perceptive Security
SOC/SIEM Consultancy

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Published: 28 April 2026 at 11:18:00
Alert date: 28 April 2026 at 12:00:48
Source: thehackernews.com
Emerging Technologies, Zero-Day Vulnerabilities, Supply Chain & Dependencies
A critical security vulnerability (CVE-2026-25874) with a CVSS score of 9.3 has been discovered in Hugging Face's LeRobot open-source robotics platform. The flaw allows unauthenticated remote code execution and stems from deserialization of untrusted data. LeRobot is a popular platform with nearly 24,000 GitHub stars. The vulnerability remains unpatched, making it a significant security risk for organizations using the platform. It poses a serious threat to robotics infrastructure and could allow attackers to gain complete control of affected systems.
Technical details
The vulnerability stems from unsafe pickle deserialization in LeRobot's async inference pipeline. The PolicyServer component uses pickle.loads() to deserialize data received over unauthenticated gRPC channels without TLS. Attackers can exploit this by sending crafted pickle payloads through SendPolicyInstructions, SendObservations, or GetActions gRPC calls to achieve arbitrary code execution. The vulnerability exists in the policy server and robot client components.
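As an added example (not from the original article and not LeRobot code), the following static check locates pickle deserialization calls and names the handler that contains each one, which is the pattern described above. The sample source, the class name `PolicyServicer`, the `Ready` handler and the request field names are constructed assumptions; only the three gRPC method names come from the advisory.

```python
import ast

# Constructed sample, not LeRobot's source: a servicer whose handlers unpickle request bytes.
SAMPLE = '''
import json, pickle
import pickle as pkl
from pickle import loads as unpack

class PolicyServicer:
    def SendObservations(self, request_iterator, context):
        for chunk in request_iterator:
            obs = pickle.loads(chunk.data)
    def SendPolicyInstructions(self, request, context):
        specs = pkl.loads(request.data)
    def GetActions(self, request, context):
        return unpack(request.data)
    def Ready(self, request, context):
        return json.loads(request.data)
'''

UNSAFE = {"load", "loads", "Unpickler"}  # pickle entry points that deserialize

def find_pickle_calls(source):
    """Return sorted (line, enclosing function, call) for each pickle deserialization call."""
    tree = ast.parse(source)
    modules, names = set(), {}  # aliases of the pickle module / of names imported from it
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "pickle")
        elif isinstance(node, ast.ImportFrom) and node.module == "pickle":
            names.update({a.asname or a.name: a.name for a in node.names if a.name in UNSAFE})
    findings = []

    def visit(node, func):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            func = node.name  # remember which handler we are inside
        if isinstance(node, ast.Call):
            f = node.func
            if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                    and f.value.id in modules and f.attr in UNSAFE):
                findings.append((node.lineno, func, f"pickle.{f.attr}"))
            elif isinstance(f, ast.Name) and f.id in names:
                findings.append((node.lineno, func, f"pickle.{names[f.id]}"))
        for child in ast.iter_child_nodes(node):
            visit(child, func)

    visit(tree, "<module>")
    return sorted(findings)
```

Each finding is a place to confirm whether the bytes being unpickled can arrive from the network; the check resolves import aliases but does not follow a `pickle` reference passed through other variables.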
Mitigation steps:
The vulnerability currently remains unpatched. A fix is planned for LeRobot version 0.6.0. Users should monitor for updates and consider network-level protections to limit access to PolicyServer network ports until a patch is available. The LeRobot team acknowledges that the affected codebase needs to be almost entirely refactored.
Affected products:
Hugging Face LeRobot version 0.4.3
LeRobot async inference PolicyServer component
Related links:
https://arxiv.org/abs/2602.22818
https://github.com/huggingface/lerobot
https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html
https://github.com/advisories/GHSA-f7vj-73pm-m822
https://www.resecurity.com/blog/article/cve-2026-25874-hugging-face-lerobot-unauthenticated-rce-via-pickle-deserialization
https://github.com/huggingface/lerobot/issues/3047
https://chocapikk.com/posts/2026/lerobot-pickle-rce/
https://www.vulncheck.com/advisories/lerobot-unsafe-deserialization-remote-code-execution-via-grpc
https://github.com/huggingface/lerobot/issues/3134
https://github.com/huggingface/lerobot/issues/2745
https://bandit.readthedocs.io/en/latest/config.html#exclusions
This article was created with the assistance of AI technology by Perceptive.
