Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Summary
CVE-2026-25874 (CVSS 9.3) in LeRobot 0.4.3 allows unauthenticated RCE via pickle over gRPC, risking AI systems and sensitive data.
Original reporting
AFBytes is a read-only aggregator. Use the original source for full context and complete reporting.