CVE-2026-25874 · CRITICAL 9.8 · EPSS p96.4%

Description

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.55% probability of exploitation · percentile 96.4% · 2026-06-19T12:03:05Z
Published: 2026-04-23
Last modified: 2026-04-28

Underlying weaknesses · 1

CWE-502

References

  1. https://chocapikk.com/posts/2026/lerobot-pickle-rce/
  2. https://github.com/huggingface/lerobot/issues/3047
  3. https://github.com/huggingface/lerobot/issues/3134
  4. https://github.com/huggingface/lerobot/pull/3048
  5. https://www.vulncheck.com/advisories/lerobot-unsafe-deserialization-remote-code-execution-via-grpc

Type: Weakness
Target: Deserialization of Untrusted Data (cwe-502)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-25873
  2. CVE-2025-57622
  3. CVE-2025-51482
  4. CVE-2025-45146
  5. CVE-2026-26210
  6. CVE-2026-31223

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.