
Hugging Face LeRobot Hit by Critical Vulnerability Enabling Remote Code Execution

Cybersecurity researchers have disclosed a critical security vulnerability (CVE-2026-25874) with a CVSS score of 9.3 in Hugging Face's open-source robotics platform LeRobot. The flaw allows attackers to achieve remote code execution without authentication, and it remains unpatched.

Critical Vulnerability Discovered in Open-Source Project with Nearly 24K Stars

Cybersecurity researchers have recently disclosed a critical security vulnerability affecting LeRobot, Hugging Face's open-source robotics platform. As a popular project with nearly 24,000 stars on GitHub, LeRobot is widely used in robotic learning and control. The disclosure of this vulnerability has drawn significant attention from the AI open-source community.

The vulnerability, tracked as CVE-2026-25874, carries a CVSS score of 9.3 out of 10 and is classified as "critical." Researchers noted that the flaw stems from defective deserialization handling of untrusted data, allowing attackers to achieve remote code execution (RCE) without any authentication.

Technical Details: Insecure Deserialization

Based on the information disclosed so far, the root cause of the vulnerability lies in LeRobot's use of insecure deserialization mechanisms when processing external input data. Deserialization vulnerabilities are a classic and highly destructive class of security issues in the Python ecosystem, enabling attackers to execute arbitrary code on target systems by crafting malicious serialized data.

Specifically, when the LeRobot platform receives and processes model files, configuration data, or other serialized objects from external sources, it fails to perform adequate security validation on the data's origin and content. This means attackers can submit carefully crafted malicious data packets to bypass authentication mechanisms and directly trigger arbitrary code execution on the server side.

For LeRobot instances deployed in public-facing network environments, the impact of this vulnerability is particularly severe — attackers could potentially gain full control of the target server, steal training data and model weights, or even further infiltrate internal networks.

Scope of Impact and Potential Risks

LeRobot is an end-to-end learning platform built by Hugging Face specifically for the robotics domain. It supports multiple training paradigms including imitation learning and reinforcement learning and is used by numerous research institutions and enterprises for developing and deploying robotic control policies. The project's high popularity means the potentially affected user base is substantial.

The risks posed by this vulnerability span several dimensions:

  • Complete server compromise: Attackers can obtain the highest server privileges through RCE
  • Data exfiltration: Training data, model parameters, and sensitive configuration information could be stolen
  • Supply chain attacks: Malicious code could spread to downstream users through tampered model files
  • Physical safety threats: Given that LeRobot directly interfaces with physical robots, a hijacked system could cause abnormal robot behavior, posing real-world safety hazards

Notably, as of the time of disclosure, the vulnerability remains unpatched, further compounding the security risk.

AI Open-Source Security Alarm Bells Ring Again

This incident once again highlights the security challenges facing the AI open-source ecosystem. In recent years, the Hugging Face platform has repeatedly drawn the attention of security researchers. Previously, malicious model files in its model repositories were found exploiting pickle deserialization vulnerabilities to execute malicious code.

Security experts recommend that developers and organizations currently using LeRobot immediately adopt the following interim mitigation measures:

  1. Restrict network access: Avoid exposing LeRobot instances to public-facing network environments
  2. Strictly vet input data: Only load models and data files from trusted sources
  3. Deploy network isolation: Isolate environments running LeRobot from core business networks
  4. Continuous monitoring: Follow Hugging Face's official security advisories and apply patches as soon as they become available
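The insecure-deserialization mechanism described under Technical Details, and the "only load from trusted sources" mitigation above, can be enforced in code. The following is an added example, not code from LeRobot or Hugging Face: a static opcode scan that flags a pickle blob before anything is executed, and a restricted Unpickler that refuses every global outside an allowlist. The allowlist contents and the three sample blobs are constructed assumptions for illustration; `datetime.date` stands in for any class the deployment never expects to see in a checkpoint.

```python
# Added example (not LeRobot or Hugging Face code): two defensive checks for
# pickle data that arrives from an untrusted source, the class of input the
# article describes. The allowlist and the sample objects are constructed
# assumptions for illustration.
import collections
import datetime
import io
import pickle
import pickletools

# Opcodes that make the unpickler resolve a global name or call something.
# A blob that never emits these can only build plain containers and scalars.
DANGEROUS_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> list:
    """Static scan that executes nothing: list every opcode that could
    resolve a name or invoke a callable, with its byte offset."""
    findings = []
    for op, arg, pos in pickletools.genops(data):
        if op.name in DANGEROUS_OPS:
            detail = f" {arg}" if arg is not None else ""
            findings.append(f"{op.name}@{pos}{detail}")
    return findings


# Assumed allowlist: the only globals a config or checkpoint of ours needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize with the allowlisting unpickler; raises on refusal."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_safe_loads(data: bytes) -> tuple:
    """Return (True, obj) on success or (False, reason) when refused."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample blobs standing in for downloaded config/checkpoint files.
SAFE_CONFIG = {"lr": 1e-4, "steps": [1, 2, 3], "policy": "act"}
SAFE_BLOB = pickle.dumps(SAFE_CONFIG)                 # scalars and containers only
ORDERED_BLOB = pickle.dumps(collections.OrderedDict(a=1))  # allowlisted global
DATE_BLOB = pickle.dumps(datetime.date(2024, 1, 1))   # harmless stand-in for a
                                                      # non-allowlisted global

if __name__ == "__main__":
    for label, blob in [("plain dict", SAFE_BLOB),
                        ("OrderedDict", ORDERED_BLOB),
                        ("datetime.date", DATE_BLOB)]:
        print(label, "| scan:", scan_pickle(blob) or "clean",
              "| restricted load:", try_safe_loads(blob))
```

The scan is deliberately conservative: it flags any blob that references a class at all, so a legitimate checkpoint containing allowlisted objects will show findings and should then be loaded only through the restricted unpickler, never through plain `pickle.load`. For model weights specifically, a format that cannot carry code, such as safetensors, removes the problem rather than filtering it.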

Outlook: AI Infrastructure Security Demands Urgent Attention

As AI technology moves from the cloud to the edge and from the virtual world to the physical world, the security of AI platforms is no longer merely a data protection issue — it directly concerns physical-world safety. When robotics learning platforms like LeRobot that bridge software and hardware are compromised, the consequences could far exceed the impact of traditional software vulnerabilities.

Industry experts are calling on the AI open-source community to integrate security audits as a core component of the development workflow, especially when dealing with high-risk operations such as data deserialization and model loading, where secure alternatives must be adopted. At the same time, enterprises incorporating open-source AI components should establish comprehensive security assessment and vulnerability response mechanisms to avoid introducing systemic risks through an uncritical "plug-and-play" approach.

Hugging Face has not yet issued a public statement regarding a timeline for patching this vulnerability. Affected users are advised to closely monitor subsequent developments.