Description

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publish a crafted message (api_id=1002) containing arbitrary Python, which the robot writes to disk under /unitree/etc/programming/ and binds to a physical controller keybinding. When the keybinding is pressed, the code executes as root and the binding persists across reboots.

INFO

Published Date :

2026-02-26T18:56:31.648Z

Last Modified :

2026-02-27T18:15:37.037Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27509 vulnerability.

Vendors Products
Unitree
  • Go2
  • Go2 Edu
  • Go2 Edu Firmware
  • Go2 Firmware
Unitreerobotics
  • Unitree Go2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27509.

URL Resource
https://boschko.ca/unitree-go2-rce/ cve-icon cve-icon
https://shop.unitree.com/products/unitree-go2 cve-icon cve-icon
https://www.vulncheck.com/advisories/unitree-go2-missing-dds-authentication-enables-adjacent-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact