CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

RedhatCVE•added 2026/02/27 7:45 p.m.•2 views

CVE-2026-27510

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...

9.6CVSS6.7AI score0.00136EPSS

Exploits1References1

RedhatCVE•added 2026/02/27 7:44 p.m.•22 views

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

8.5CVSS6AI score0.00077EPSS

Exploits1References1

Vulnrichment•added 2026/02/27 4:28 a.m.•2 views

CVE-2026-1442 Unitree UPK files Hard-Coded Key

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

7.8CVSS5.9AI score0.0001EPSS

Exploits1References4

EUVD•added 2026/02/26 9:31 p.m.•4 views

EUVD-2026-8882

6.4CVSS6.6AI score0.00136EPSS

Exploits1References4

EUVD•added 2026/02/26 9:31 p.m.•4 views

EUVD-2026-8881

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publis...

8.5CVSS5.6AI score0.00077EPSS

Exploits1References4

OSV•added 2026/02/26 8:31 p.m.•1 views

CVE-2026-27509

8CVSS6AI score0.00077EPSS

Exploits1References3

NVD•added 2026/02/26 8:31 p.m.•3 views

CVE-2026-27509

8.5CVSS0.00077EPSS

Exploits1References3

OSV•added 2026/02/26 8:31 p.m.•4 views

CVE-2026-27510

8.8CVSS6.6AI score

Exploits0References3

CVE•added 2026/02/26 6:56 p.m.•6 views

CVE-2026-27510

CVE-2026-27510 affects Unitree Go2 firmware 1.1.7–1.1.11 with the Go2 Android app (com.unitree.doggo2). The issue is remote code execution due to missing integrity protection and validation of user-created programs. The Android app stores programs in a local SQLite database (unitree_go2.db, table...

9.6CVSS6.6AI score0.00136EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/26 6:56 p.m.•21 views

CVE-2026-27510 Unitree Go2 Mobile Program Tampering Enables Root RCE

9.6CVSS0.00136EPSS

Exploits1References3

ATTACKERKB•added 2026/02/26 6:56 p.m.•3 views

CVE-2026-27510

9.6CVSS6.6AI score0.00136EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/02/26 6:56 p.m.•6 views

CVE-2026-27510 Unitree Go2 Mobile Program Tampering Enables Root RCE

9.6CVSS6.7AI score0.00136EPSS

Exploits1References3

Cvelist•added 2026/02/26 6:56 p.m.•21 views

CVE-2026-27509 Unitree Go2 Missing DDS Authentication Enables Adjacent RCE

8.5CVSS0.00077EPSS

Exploits1References3

CVE•added 2026/02/26 6:56 p.m.•11 views

CVE-2026-27509

CVE-2026-27509 affects Unitree Go2 firmware versions V1.1.7–V1.1.9 and V1.1.11 (EDU). The issue is missing DDS authentication/authorization for Eclipse CycloneDDS topic rt/api/programming_actuator/request (handled by actuator_manager.py). A network-adjacent, unauthenticated attacker can join DDS ...

8.5CVSS6AI score0.00077EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/26 6:56 p.m.•3 views

CVE-2026-27509 Unitree Go2 Missing DDS Authentication Enables Adjacent RCE

8.5CVSS6AI score0.00077EPSS

Exploits1References3

Positive Technologies•added 2026/02/26 12:0 a.m.•3 views

PT-2026-22179

Name of the Vulnerable Software and Affected Versions Unitree Go2 firmware versions 1.1.7 through 1.1.11 Description Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are susceptible to remote code execution because of a lac...

9.6CVSS6.7AI score0.00136EPSS

Exploits1References28

CNNVD•added 2026/02/26 12:0 a.m.•3 views

Unitree Go2 数据伪造问题漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. In versions 1.1.7 to 1.1.11 of Unitree Go2, there is a vulnerability related to data manipulation. This vulnerability stems from the lack of integrity protection and verification of user-created programs, which may lead to...

9.6CVSS6.2AI score0.00136EPSS

Exploits1References3

CNNVD•added 2026/02/26 12:0 a.m.•3 views

Unitree Go2 访问控制错误漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. Versions 1.1.7 to 1.1.9, as well as version 1.1.11 of Unitree Go2, have vulnerabilities related to access control. These vulnerabilities stem from the lack of DDS authentication or authorization for the Eclipse CycloneDDS...

8.5CVSS6.1AI score0.00077EPSS

Exploits1References3

Positive Technologies•added 2026/02/26 12:0 a.m.•3 views

PT-2026-22178

Name of the Vulnerable Software and Affected Versions Unitree Go2 firmware versions 1.1.7 through 1.1.9 and 1.1.11 EDU Description The affected firmware does not implement DDS authentication or authorization for the Eclipse CycloneDDS topic /rt/api/programming actuator/request managed by actuator...

8.5CVSS6.1AI score0.00077EPSS

Exploits1References28

RedhatCVE•added 2025/09/27 12:48 a.m.•4 views

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

5CVSS7AI score0.00019EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by