Skip to content
The Nexus
SECURITYApr 28 · 11:18 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

A critical unpatched vulnerability (CVE-2026-25874) in Hugging Face's LeRobot allows unauthenticated remote code execution, posing a significant security risk. The flaw, rated CVSS 9.3, stems from untrusted data deserialization in the open-source robotics platform.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this