CRITICAL🇵🇱 Wersja polska

CVE-2026-25874

CVSS 9.3v4.0pub. 2026-04-23upd. 2026-04-28

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Huggingface Lerobot

    APP
    Huggingface
    ≤ 0.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-5241CRITICAL9.6PL ✓ten sam vendor

RCE w Huggingface Transformers — obejście trust_remote_code w LightGlue

CVE-2025-5120CRITICAL10.0PL ✓ten sam vendor

Sandbox escape i RCE w Huggingface Smolagents (local_python_executor)

CVE-2024-3568CRITICAL9.6PL ✓ten sam vendor

RCE przez deserializację w bibliotece Huggingface Transformers

CVE-2026-4372HIGH7.8ten sam vendor

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library ...

CVE-2026-44513HIGH8.8ten sam vendor

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in Di...