CVE-2026-25874
LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.
Analysis
Hugging Face LeRobot versions up to 0.5.1 are vulnerable to unauthenticated remote code execution (RCE) via gRPC. The library uses Python's pickle module to process incoming data without authentication or encryption, allowing an attacker to execute arbitrary code on both policy servers and robot clients. Update to the latest version immediately if you are using LeRobot in network-connected environments.
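The difference between pickle.loads() and a loader that refuses code-bearing input, as an added example (not LeRobot's code or its fix). code_opcodes() and loads_data_only() are hypothetical helper names, and both sample payloads are constructed here, the second referencing only the harmless built-in len.

```python
import io
import pickle
import pickletools

# Opcodes that import a name or invoke a callable during unpickling.
# Pickles of plain containers, numbers, strings and bytes use none of them.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def code_opcodes(data: bytes) -> list[str]:
    """Statically list import/call opcodes in a pickle without running it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only literal types
    (dict, list, tuple, str, bytes, int, float, ...) can load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_data_only(data: bytes):
    """Stand-in for pickle.loads() on bytes that crossed a trust boundary."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


# Constructed sample inputs (not captured traffic).
# 1) An observation-like dict made of plain data only.
PLAIN = pickle.dumps({"timestep": 7, "joints": [0.1, 0.2, 0.3]})
# 2) The same shape, but one value is a global referenced by name. It is the
#    harmless built-in len here; the opcode is the one pickle.loads() follows
#    to import whatever name the sender chose.
WITH_GLOBAL = pickle.dumps({"timestep": 7, "callback": len})

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with global", WITH_GLOBAL)):
        print(label, "-> code opcodes:", code_opcodes(blob))
        try:
            print("  loaded:", loads_data_only(blob))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```

Messages that carry tensors or custom classes will not pass a data-only loader; they need an explicit allow-list in find_class or a non-pickle wire format, and neither replaces authenticating and encrypting the gRPC channel.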
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502
EPSS
Affects
huggingface:lerobot