EXECUTIVE SUMMARY:
CVE-2026-25874 with a CVSS score of 9.3 is a critical unpatched flaw in Hugging Face's LeRobot open-source robotics platform, specifically impacting the async inference pipeline, where the unsafe pickle format is used for deserialization. The vulnerability, found in the PolicyServer component, allows an unauthenticated network-reachable attacker to achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls. This capability enables the attacker to run arbitrary operating system commands on the host machine running the service, potentially leading to a wide range of malicious actions, including complete compromise of the PolicyServer host, theft of sensitive data, and sabotage of operations. If exploited, this flaw poses significant business impact and consequences, including physical safety risks, data breaches, and disruption of critical services. Prerequisites for exploitation include network reachability to the PolicyServer host and the ability to send a malicious serialized payload through one of the vulnerable gRPC calls.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-25874 with a CVSS score of 9.3 is a critical unpatched flaw in Hugging Face's LeRobot open-source robotics platform, specifically impacting the async inference pipeline, where the unsafe pickle format is used for deserialization. The vulnerability, found in the PolicyServer component, allows an unauthenticated network-reachable attacker to achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls. This capability enables the attacker to run arbitrary operating system commands on the host machine running the service, potentially leading to a wide range of malicious actions, including complete compromise of the PolicyServer host, theft of sensitive data, and sabotage of operations. If exploited, this flaw poses significant business impact and consequences, including physical safety risks, data breaches, and disruption of critical services. Prerequisites for exploitation include network reachability to the PolicyServer host and the ability to send a malicious serialized payload through one of the vulnerable gRPC calls.[emaillocker id="1283"]
RECOMMENDATION:
We recommend you to update LeRobot to version 0.6.0.
REFERENCES:
The following reports contain further technical details:
https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html