First critical vulnerability in AI robotics - CVSS 9.3 in Hugging Face LeRobot
LeRobot - the open-source AI robotics platform from Hugging Face. 21,500 GitHub stars. CVE-2026-25874, CVSS score 9.3 - critical vulnerability. Hackers can take control of the robot without a password.

Public disclosure on April 22-23, 2026 (NVD entry published April 23). Critical vulnerability in one of the most-used open-source robotics platforms:
- CVE-2026-25874
- CVSS score 9.3 out of 10 (critical)
- Vector: unsafe data deserialization over gRPC without authentication or TLS
- Allows unauthenticated remote code execution on policy servers AND robot clients
Scale: LeRobot has 21,500 GitHub stars - one of the most widely used platforms in production at robotics startups.
This isn’t a web app vulnerability
Listen. This is a vulnerability in a robot you can SEE PHYSICALLY. A hacker on the network can MAKE THE ROBOT DO SOMETHING.
Is your company buying a Figure or Unitree robot? Ask the integrator whether they use LeRobot under the hood. Because if they do - you have a problem.
First time in history
This is the first time in history physical AI has a realistically exploitable vulnerability. Software vulnerabilities are daily news. Vulnerabilities in AI robots are a new category.
Researcher-recommended mitigation: replace unsafe deserialization with safe formats (JSON / protobuf / safetensors), enable TLS via add_secure_port, and add gRPC interceptors with token authentication.
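The mitigations above, as an added example written for this post (not LeRobot's own code or the researchers' patch): a strict JSON decoder for the policy/robot message that never touches pickle, a constant-time bearer-token check, and, when grpcio is installed, a server interceptor plus a server built on add_secure_port. The message schema ({"action": [...], "timestamp": ...}), the "authorization" metadata key, the 64-element action bound and the port are assumptions made for the example.

```python
"""
Added example, not LeRobot code: the two recommended mitigations for
CVE-2026-25874 in plain Python.

  1. Replace unsafe deserialization with a safe, schema-checked format (JSON).
  2. Require a bearer token on every gRPC call via a server interceptor, and
     listen only over TLS with add_secure_port.

Assumed for this example: message schema {"action": [floats], "timestamp": float},
metadata key "authorization", MAX_ACTION_DIM = 64, port 8080.
"""
import hmac
import json
import math

MAX_ACTION_DIM = 64  # assumed upper bound on actuator count


def decode_action_json(raw: bytes) -> dict:
    """Strictly parse an action message. Anything that is not a small JSON
    object of finite numbers is rejected; pickle.loads() is never called."""
    if raw[:1] == b"\x80":
        # Pickle protocol 2+ frames start with 0x80. Cheap early reject only;
        # the real protection is that no code path unpickles network data.
        raise ValueError("refusing pickle-framed payload")
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"malformed message: {exc}") from exc
    if not isinstance(obj, dict) or set(obj) != {"action", "timestamp"}:
        raise ValueError("unexpected message shape")
    action, ts = obj["action"], obj["timestamp"]
    if not isinstance(action, list) or not 0 < len(action) <= MAX_ACTION_DIM:
        raise ValueError("bad action vector")

    def is_finite_number(x) -> bool:
        return isinstance(x, (int, float)) and not isinstance(x, bool) and math.isfinite(x)

    if not all(is_finite_number(x) for x in action):
        raise ValueError("non-finite or non-numeric action element")
    if not is_finite_number(ts):
        raise ValueError("bad timestamp")
    return {"action": [float(x) for x in action], "timestamp": float(ts)}


def rejects(raw: bytes) -> bool:
    """True if decode_action_json refuses the payload."""
    try:
        decode_action_json(raw)
    except ValueError:
        return True
    return False


def check_bearer_token(invocation_metadata, expected_token: str) -> bool:
    """Constant-time check of an 'authorization: Bearer <token>' metadata entry."""
    for key, value in invocation_metadata:
        if key.lower() == "authorization" and value.startswith("Bearer "):
            presented = value[len("Bearer "):].encode()
            return hmac.compare_digest(presented, expected_token.encode())
    return False


try:
    import grpc
except ImportError:  # grpcio not installed: the stdlib parts above still work
    grpc = None

if grpc is not None:
    class TokenAuthInterceptor(grpc.ServerInterceptor):
        """Rejects every RPC without a valid bearer token before any handler runs."""

        def __init__(self, expected_token: str):
            self._expected = expected_token
            self._deny = grpc.unary_unary_rpc_method_handler(
                lambda request, context: context.abort(
                    grpc.StatusCode.UNAUTHENTICATED, "missing or invalid token"))

        def intercept_service(self, continuation, handler_call_details):
            if check_bearer_token(handler_call_details.invocation_metadata, self._expected):
                return continuation(handler_call_details)
            return self._deny

    def build_secure_server(expected_token: str, key_pem: bytes, cert_pem: bytes, port: int = 8080):
        """gRPC server that listens only on TLS (add_secure_port) with the auth
        interceptor installed. Register the policy service, then call start()."""
        from concurrent import futures
        server = grpc.server(futures.ThreadPoolExecutor(max_workers=4),
                             interceptors=[TokenAuthInterceptor(expected_token)])
        creds = grpc.ssl_server_credentials([(key_pem, cert_pem)])
        server.add_secure_port(f"[::]:{port}", creds)  # no add_insecure_port anywhere
        return server
```

The deny handler is a unary-unary handler; a service that also exposes streaming RPCs needs the matching streaming handler type in the interceptor, otherwise those methods would bypass the check. Token auth over TLS stops unauthenticated callers, and the strict decoder limits what an authenticated but compromised peer can send, which is why both are needed.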
My perspective
This is just the beginning. AI robots are a new attack category. In two years cybersec firms will train “robot pentesters” - people who test whether a robot can be hijacked over the network.
The physical AI ecosystem is moving from software demos to real machines. Vulnerabilities now mean real-world physical attacks. This isn’t “someone steals your data.” This is “someone makes the robot do something.”
Remember the words “robot pentester.” You’ll hear them again.
Sources
- The Hacker News - “Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE”
- CSA Lab Space - “LeRobot CVE-2026-25874: Unauthenticated RCE” (Apr 29, 2026)
- Resecurity - “CVE-2026-25874: Hugging Face LeRobot Unauthenticated RCE”
- iSec News - “Critical LeRobot flaw could let attackers run code on robotics systems” (Apr 28, 2026)
- Cybersecurity News - “Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks”