CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

Unitree Go2 访问控制错误漏洞

The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. Versions 1.1.7 to 1.1.9, as well as version 1.1.11 of Unitree Go2, have vulnerabilities related to access control. These vulnerabilities stem from the lack of DDS authentication or authorization for the Eclipse CycloneDDS...