Description

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.

INFO

Published Date: 2026-02-27T04:28:46.955Z
Last Modified: 2026-02-27T15:58:20.444Z
Source: AHA

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-1442 vulnerability.

Vendor: Unitree
Products:
  • Go1 Air
  • Go1 Air Firmware
  • Go1 Pro
  • Go1 Pro Firmware
  • Go2 Air
  • Go2 Air Firmware
  • Go2 Edu Plus
  • Go2 Edu Plus Firmware
  • Go2 Edu Standard
  • Go2 Edu Standard Firmware
  • Go2 Pro
  • Go2 Pro Firmware
  • Go2 X
  • Go2 X Firmware
  • Upk
