
"LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components."
"An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls."
"The vulnerability is dangerous as the service is designed for artificial intelligence inference systems, which tend to run with elevated privileges to access internal networks, datasets, and expensive compute resources."
"Should the flaw be exploited by an attacker, it could enable a wide range of actions, including unauthenticated remote code execution, complete compromise of the PolicyServer host, and theft of sensitive data."
LeRobot, an open-source robotics platform, has a critical vulnerability (CVE-2026-25874) that enables remote code execution through unsafe data deserialization. The flaw arises from using the unsafe pickle format in the async inference pipeline, allowing unauthenticated attackers to send crafted payloads via gRPC calls. This vulnerability poses significant risks, including unauthorized access to sensitive data, complete compromise of the PolicyServer host, and potential physical safety hazards due to the nature of AI inference systems running with elevated privileges.
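To illustrate the class of bug described above, here is an added example (not code from LeRobot or The Hacker News) contrasting the vulnerable pattern, `pickle.loads()` on bytes that arrived over the network, with a restricted unpickler that refuses any global reference. Plain data (dicts, lists, numbers, strings, bytes) pickles without naming a single global, so rejecting every `GLOBAL`/`STACK_GLOBAL` lookup keeps legitimate observation payloads loadable while refusing anything that tries to name a class or callable; the payloads and field names below are constructed.

```python
import collections
import io
import pickle

# Vulnerable pattern: bytes from an unauthenticated stream go straight into
# pickle.loads(), which will import and call whatever the stream names.
def unsafe_loads(data: bytes):
    return pickle.loads(data)

# Allowlist of (module, name) pairs the receiver is willing to resolve.
# Empty by default: observation/action payloads need none.
SAFE_GLOBALS = frozenset()

class RestrictedUnpickler(pickle.Unpickler):
    """Only resolve globals on the allowlist; everything else is an error."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def safe_loads(data: bytes):
    """Hardened replacement for pickle.loads() on untrusted input."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def loads_or_reason(data: bytes):
    """Return (True, value) or (False, reason) so a rejection can be logged."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)

# Constructed sample payloads.
# A plain-data message: no global references, loads under both functions.
PLAIN_OBSERVATION = pickle.dumps({"joint_pos": [0.1, 0.2, 0.3], "ts": 12})
# A message whose stream names a global (collections.OrderedDict): the
# restricted loader refuses it before any object is constructed.
GLOBAL_REF_PAYLOAD = pickle.dumps(collections.OrderedDict(a=1))
```

Even with the allowlist, the durable fix is a schema-bound format (JSON, protobuf messages, msgpack) plus TLS and peer authentication on the channel; the restricted unpickler is a containment step for code that cannot change formats immediately.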
Read at The Hacker News