LeRobot Unsafe Deserialization Remote Code Execution via gRPC

Advisories

LeRobot Unsafe Deserialization Remote Code Execution via gRPC

severity: critical
date: 4/23/2026
Affecting: LeRobot <= 0.5.1
A release containing a fix is planned for v0.6.0
CVE: CVE-2026-25874
CWE: CWE-502 Deserialization of Untrusted Data
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Chocapikk Disclosure & PoC
Initial Report
Proposed Pull Request
v0.6.0 Roadmap
Credit: Valentin Lobstein (Chocapikk)
Description: LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo