CVE-2026-25874

EUVD-2026-25292

23.04.2026, 20:16

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://chocapikk.com/posts/2026/lerobot-pickle-rce/

https://github.com/huggingface/lerobot/issues/3047

https://github.com/huggingface/lerobot/issues/3134

https://github.com/huggingface/lerobot/pull/3048

https://www.vulncheck.com/advisories/lerobot-unsafe-deserialization-remote-code-execution-via-grpc