CVE-2026-27509 Unitree Go2 Missing DDS Authentication Enables Adjacent RCE

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

CVE-2026-27509

CVE-2026-27509 affects Unitree Go2 firmware versions V1.1.7–V1.1.9 and V1.1.11 (EDU). The issue is missing DDS authentication/authorization for Eclipse CycloneDDS topic rt/api/programming_actuator/request (handled by actuator_manager.py). A network-adjacent, unauthenticated attacker can join DDS ...

Unitree Go2 数据伪造问题漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. In versions 1.1.7 to 1.1.11 of Unitree Go2, there is a vulnerability related to data manipulation. This vulnerability stems from the lack of integrity protection and verification of user-created programs, which may lead to...

PT-2026-22178

Name of the Vulnerable Software and Affected Versions Unitree Go2 versions V1.1.7 through V1.1.9 Unitree Go2 version V1.1.11 EDU Description Lack of DDS authentication and authorization for the Eclipse CycloneDDS topic "rt/api/programming actuator/request" handled by actuator manager.py allows a...

PT-2026-22179

Name of the Vulnerable Software and Affected Versions Unitree Go2 versions 1.1.7 through 1.1.11 Description Remote code execution is possible due to a lack of integrity protection and validation of user-created programs when used with the Unitree Go2 Android application com.unitree.doggo2. The...

Unitree Go2 访问控制错误漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. Versions 1.1.7 to 1.1.9, as well as version 1.1.11 of Unitree Go2, have vulnerabilities related to access control. These vulnerabilities stem from the lack of DDS authentication or authorization for the Eclipse CycloneDDS...

EUVD-2025-22706

Malicious code in bioql PyPI...

EUVD-2025-22725

Malicious code in bioql PyPI...

EUVD-2025-31217

Malicious code in bioql PyPI...

EUVD-2025-31180

Malicious code in bioql PyPI...

EUVD-2025-31182

Malicious code in bioql PyPI...

EUVD-2025-31181

Malicious code in bioql PyPI...

CVE-2025-60251

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027 Unitree Multiple Robotic Products Command Injection

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027

CVE-2025-35027 affects Unitree Go2, G1, H1, and B2 robotic devices sharing a common firmware (MIT Cheetah). It enables command injection by supplying a malicious string during BLE-configured WiFi setup and triggering a WiFi service restart, allowing commands to run as root via the wpa_supplicant_...

CVE-2025-35027 Unitree Multiple Robotic Products Command Injection

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...