Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Details
CVSS v3
9.3
CVSS v4
9.3
NVD published
2026-04-23 20:16:13
EPSS
<0.1% probability · 19.3th percentile — 2026-04-27
Affected versions
Not available in our cache.
Summary
LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.