CVSS 9.8 · CRITICAL

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Analysis

Hugging Face LeRobot versions up to 0.5.1 are vulnerable to unauthenticated remote code execution (RCE) via gRPC. The library uses Python's pickle module to process incoming data without authentication or encryption, allowing an attacker to execute arbitrary code on both policy servers and robot clients. Update to the latest version immediately if you are using LeRobot in network-connected environments.
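
A receiver-side check for the flaw described above, as an added example that is not LeRobot's code or its fix: it lists the import/call opcodes in a pickle stream without executing it, then loads the stream with an unpickler that refuses every global lookup. The function names and both sample payloads are constructed for illustration, and the check does not replace authenticating and encrypting the gRPC channel.

```python
import collections
import io
import pickle
import pickletools

# Opcodes that import a name or call/construct an object during unpickling.
IMPORT_CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                       "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def import_call_opcodes(data):
    """List import/call opcodes present in a pickle stream without executing it."""
    return {op.name for op, _arg, _pos in pickletools.genops(data)} & IMPORT_CALL_OPCODES


class DataOnlyUnpickler(pickle.Unpickler):
    """Loads only built-in containers and scalars; every global lookup is refused."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def decode_untrusted(data):
    """Return (obj, None) on success, or (None, reason) if the stream is rejected."""
    try:
        return DataOnlyUnpickler(io.BytesIO(data)).load(), None
    except Exception as exc:  # malformed streams raise several exception types
        return None, str(exc)


# Constructed samples: a data-only message and one that references a benign global.
PLAIN = pickle.dumps({"joint_positions": [0.1, 0.2], "timestep": 7})
WITH_GLOBAL = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with_global", WITH_GLOBAL)):
        print(label, sorted(import_call_opcodes(blob)), decode_untrusted(blob))
```

A stream that needs any import is rejected before an object is built, which is the property a plain pickle.loads() call on network bytes lacks.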

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-502

EPSS

Exploitation probability (next 30 days): 0.0011 (0.1%)
Percentile: 29.4%
EPSS: 2026-05-06

Affects

huggingface:lerobot

Published: 23/4/2026, 20:16:13
Last modified: 28/4/2026, 19:01:40