CVE-2026-25874

Name of the Vulnerable Software and Affected Versions LeRobot versions prior to 0.6.0

Description An unsafe deserialization issue exists in the asynchronous inference pipeline of the LeRobot robotics platform. The software uses the pickle.loads() function to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. A network-reachable unauthenticated attacker can achieve arbitrary code execution on the server or client by sending a specially crafted pickle payload through the 'SendPolicyInstructions', 'SendObservations', or 'GetActions' gRPC calls. This flaw specifically affects the PolicyServer component, potentially allowing the attacker to execute operating system commands on the host machine, steal sensitive data such as API keys and SSH credentials, or compromise connected robots and physical systems.

Recommendations Update to version 0.6.0 once available. As a temporary workaround, restrict network access to the PolicyServer port to trusted sources only. Avoid using the 'SendPolicyInstructions', 'SendObservations', and 'GetActions' gRPC calls over unauthenticated and non-TLS channels.