A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to execute arbitrary system commands on vulnerable host machines. With nearly 24,000 stars on GitHub, this
The post Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks appeared first on Cyber Security News. Read More
Posted inNews