Description

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

INFO

Published Date :

2026-04-23T19:45:01.090Z

Last Modified :

2026-04-24T18:20:13.815Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25874 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25874.

URL Resource
https://chocapikk.com/posts/2026/lerobot-pickle-rce/ cve-icon cve-icon
https://github.com/huggingface/lerobot/issues/3047 cve-icon cve-icon
https://github.com/huggingface/lerobot/issues/3134 cve-icon cve-icon
https://github.com/huggingface/lerobot/pull/3048 cve-icon cve-icon
https://www.vulncheck.com/advisories/lerobot-unsafe-deserialization-remote-code-execution-via-grpc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability