Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2026/06/05 7:23 p.m.15 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS6.6AI score0.15547EPSS
Exploits1References1
euvd
euvd
added 2026/04/23 9:31 p.m.15 views

EUVD-2026-25292

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achie...

9.3CVSS6.4AI score0.15547EPSS
Exploits1References6
nvd
nvd
added 2026/04/23 8:16 p.m.11 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS0.15547EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/04/23 7:45 p.m.5 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS6.5AI score0.15547EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/04/23 7:45 p.m.4 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS6.4AI score0.15547EPSS
Exploits1References6
cvelist
cvelist
added 2026/04/23 7:45 p.m.162 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS0.15547EPSS
Exploits1References5
osv
osv
added 2026/04/23 7:45 p.m.4 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS7.9AI score0.15547EPSS
Exploits1References8
cve
cve
added 2026/04/23 7:45 p.m.34 views

CVE-2026-25874

LeRobot has an unsafe deserialization vulnerability in its async inference pipeline. pickle.loads() is used to deserialize data received over unauthenticated, TLS-less gRPC channels in both the policy server and robot client components. An unauthenticated, network-reachable attacker can achieve a...

9.8CVSS6.4AI score0.15547EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.15 views

PT-2026-34741

Name of the Vulnerable Software and Affected Versions LeRobot versions prior to 0.6.0 Description An unsafe deserialization issue exists in the asynchronous inference pipeline of the policy server and robot client components. The software uses the pickle.loads function to deserialize data receive...

9.8CVSS8.1AI score0.15547EPSS
Exploits1References51
Rows per page
Query Builder