Critical Vulnerability in Hugging Face LeRobot Allows Remote Code Execution
AI-generated from multiple sources. Verify before acting on this reporting.
A critical security flaw in Hugging Face's open-source robotics framework, LeRobot, allows unauthenticated attackers to execute arbitrary code remotely, researchers disclosed on Monday.
The vulnerability, assigned the identifier CVE-2026-25874, affects LeRobot version 0.4.3 and stems from the unsafe use of the Python pickle serialization format. The flaw exists within the asynchronous inference pipeline, where the software deserializes unauthenticated data received over gRPC. Because pickle is known to execute arbitrary code during deserialization, an attacker can craft a malicious payload that triggers remote code execution on any system running the vulnerable version.
Valentin Lobstein and chenpinji, cybersecurity researchers, identified the issue. They reported that the vulnerability enables attackers to compromise systems without requiring prior authentication. The flaw is particularly significant because LeRobot is widely used in robotics research and development, potentially exposing numerous development environments to exploitation.
Hugging Face has acknowledged the vulnerability. The company confirmed the existence of the flaw in version 0.4.3 and is working on a patch. However, as of Monday, no patched version has been released. The vulnerability remains unpatched, leaving users exposed until a fix is deployed.
The use of pickle for deserializing untrusted data is a known security risk in the Python ecosystem. Security experts have long warned against using pickle with data from untrusted sources due to its ability to execute arbitrary code. The LeRobot vulnerability highlights the ongoing risks associated with legacy serialization methods in modern software development.
Users of LeRobot 0.4.3 are advised to upgrade to a patched version as soon as it becomes available. Until then, administrators should consider isolating systems running the vulnerable software from untrusted networks. The vulnerability underscores the importance of secure coding practices and the need for rigorous security audits in open-source projects.
The discovery of CVE-2026-25874 comes amid growing concerns about supply chain security in the artificial intelligence and robotics sectors. As AI-driven robotics become more prevalent, the security of the underlying software frameworks becomes increasingly critical.
Researchers are urging Hugging Face to prioritize the release of a patch. The open-source community is also calling for greater transparency in the disclosure process to ensure users are aware of the risks and can take appropriate action.
The full impact of the vulnerability remains unclear. It is not yet known how many systems are affected or whether the flaw has been exploited in the wild. Security teams are monitoring the situation closely and advising users to take immediate precautions.
As the situation develops, Hugging Face is expected to provide updates on the patch release timeline. The incident serves as a reminder of the critical importance of addressing security vulnerabilities promptly in open-source software.