cyberMEDIUM2026-04-28 12:48 UTC

Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks

A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary sys

ORIGINAL SOURCE →via GBHackers Security

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] CVE-2026-7281 - SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
[CYBER] CVE-2026-7272 - WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal
[CYBER] CVE-2026-6706 - Devolutions Server API Access Control Vulnerability
[CYBER] CVE-2026-5944 - Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
[CYBER] CVE-2026-40552 - Remote Code Execution in mpGabinet
[CYBER] CVE-2026-40551 - Use of Client-Side Authentication in mpGabinet

Editorial policy · Report a correction