CRITICAL SeverityCVSS 4.09.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2026-25874

Last updated Apr 24, 2026 · Published Apr 23, 2026

Description

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Affected products

1 listed

Hugging Face:LeRobot

Mappings

CWE

CWE-502

CAPEC

None listed.

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.
Secure Defaults in Modern FrameworksHow Rails, Next.js, Django, and Spring protect you - and where they don't.