Hugging Face's LeRobot robotics framework has an unpatched flaw that lets remote attackers run code with no authentication (CVE-2026-25874)

Researchers disclosed a critical unauthenticated remote code execution flaw in Hugging Face's LeRobot, the open-source framework used to train and deploy ML models on physical robots. CVE-2026-25874 sits in the framework's web interface, which by default listens on all network interfaces with no authentication - quick for demos, but a hard fail when the demo box ends up on a corporate network. There is no patch yet. Hugging Face has been notified but hasn't released a fix. Particularly serious because LeRobot is usually attached to actual robotic hardware, so a compromise can mean unsafe physical actions.

Check

If your team uses Hugging Face LeRobot anywhere, take the web interface off any reachable network and bind it to localhost-only until a patch is released.

Affected

All current versions of Hugging Face LeRobot with the web interface enabled. CVE-2026-25874, unauthenticated RCE, no patch available. Acute risk for research labs, robotics startups, and university labs running LeRobot demos where the host has any network reachability. Manufacturing or warehouse environments using LeRobot for production robotics are at the highest risk because compromise can drive physical actions.

Fix

Bind LeRobot's web interface to 127.0.0.1 only and tunnel through SSH for remote access. If localhost-only isn't workable, put the interface behind an authenticated reverse proxy (nginx with basic auth, Cloudflare Access, Tailscale). Block direct internet access to any LeRobot host at the firewall. Watch the LeRobot GitHub for the patch. Don't run LeRobot on the same host as production robotic control systems.