Dossier
LeRobot
Coverage of LeRobot in the Nexus archive.
- Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
A critical unpatched vulnerability (CVE-2026-25874) in Hugging Face's LeRobot allows unauthenticated remote code execution, posing a significant security risk. The flaw, rated CVSS 9.3, stems from untrusted data deserialization in the open-source robotics platform.