BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Hugging Face LeRobot Flaw Allows Remote Code Execution

Critical flaw in Hugging Face's LeRobot allows unauthenticated remote code execution via unsafe deserialization.

  • A critical security flaw (CVE-2026-25874) has been disclosed in Hugging Face’s open-source robotics platform, LeRobot, allowing unauthenticated remote code execution.
  • The flaw stems from unsafe deserialization using pickle.loads() on data from unauthenticated gRPC channels in the policy server and robot client components.
  • The vulnerability is currently unpatched, with a fix planned for version 0.6.0, and is dangerous as AI inference systems often run with elevated privileges.

Cybersecurity researchers revealed in April 2026 that Hugging Face’s popular open-source robotics platform, LeRobot, harbors a severe security vulnerability. This flaw allows unauthenticated attackers to execute arbitrary code remotely on systems running the service.

- Advertisement -

The vulnerability, cataloged as CVE-2026-25874 with a CVSS score of 9.3, is a case of unsafe deserialization. According to a GitHub advisory, the problem exists in the async inference pipeline where pickle.loads() deserializes data from unauthenticated gRPC channels.

An attacker who can reach the PolicyServer network port can send a malicious serialized payload. Consequently, they can run arbitrary operating system commands on the host, as detailed in a report by Resecurity.

The exploitation risks are significant because these AI inference systems typically have high privileges. Therefore, a compromise could lead to theft of sensitive data like API keys, lateral network movement, or even physical safety risks.

Valentin Lobstein, a VulnCheck researcher who discovered and published details of the flaw, noted it was validated against LeRobot version 0.4.3. Meanwhile, the issue remains unpatched, with a fix planned for version 0.6.0.

- Advertisement -

The flaw was independently reported in December 2025 by another researcher. Steven Palma, the project’s tech lead, acknowledged the risk and stated, “that part of the codebase needs to be almost entirely refactored as its original implementation was more experimental.”

Palma further noted that security was not a strong focus as LeRobot was primarily a research tool. However, he emphasized that closer attention would be paid as adoption grows, saying, “Fortunately, being an open-source project, the community can also help by reporting and fixing vulnerabilities.”

The findings highlight the ongoing danger of using the unsafe pickle format for serialization. Lobstein pointed out the irony, as Hugging Face created the Safetensors format specifically because pickle is dangerous for ML data.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

China’s Free AI Models Won’t Kill The AI Boom

Chinese LLMs like DeepSeek and Qwen are advancing rapidly, but the AI boom's core...

S. Korea regulator sends Upbit inspection letter over $36M hack

South Korea’s Financial Supervisory Service formally began sanctions against Dunamu, Upbit’s operator, after the...

Apple Stock Nears $323 Target Amid Rally Momentum

Apple stock trades above key moving averages, signaling strength toward the $323.35 target rangeTechnical...

France orders Polymarket block over illegal gambling

France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal...

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

Must Read

What Is Bcrypt Password Hashing Function?

KEY TAKEAWAYSBcrypt is a password hashing function that transforms plain passwords into unique alphanumeric sequences.It is a one-way process, ensuring that passwords cannot be...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading