Unpatched RCE in Hugging Face LeRobot exposes robotics stack to unauth attackers
Original source
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
The Hacker News →A critical vulnerability tracked as CVE-2026-25874 affects Hugging Face’s LeRobot, the company’s open-source robotics framework. The flaw permits unauthenticated remote code execution, meaning an attacker who can reach an exposed LeRobot instance over the network can run arbitrary code without credentials. As of reporting, no patch is available.
The blast radius matters because LeRobot is increasingly used to train and operate physical robots — code execution on a control host is not just a data-integrity problem but a safety one, with potential to manipulate hardware behavior or pivot deeper into lab and production networks. Operators running LeRobot endpoints should treat any internet-reachable deployment as compromised-by-default and gate access behind authenticated proxies or isolated networks until a fix lands.
The disclosure adds to a growing pattern of unauthenticated RCE bugs surfacing in AI/ML tooling, where rapid iteration and research-first defaults have outpaced the hardening assumptions standard in production web frameworks.
Read the full article
Continue reading at The Hacker News →This is an AI-generated summary. Read the original for the full story.