← volver
CVE-2026-25874

LeRobot Unsafe Deserialization Remote Code Execution via gRPC

CVSS 9.3 CRITICALEPSS 15.5%CWE-502
Vexday Risk Score
53Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 15.5%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
23 abr 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Hugging Face · LeRobot
PoCs públicas encontradas1
cve_referencechocapikk.com/posts/2026/lerobot-pickle-rce/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://chocapikk.com/posts/2026/lerobot-pickle-rce/https://github.com/huggingface/lerobot/issues/3047https://github.com/huggingface/lerobot/issues/3134https://github.com/huggingface/lerobot/pull/3048https://www.vulncheck.com/advisories/lerobot-unsafe-deserialization-remote-code-execution-via-grpc