The Robots Are Unsheared and The Wolves Are Already Inside

Oh good. A 9.3 CVSS. On a Tuesday. On a platform that controls actual physical robots. I'm so glad I got out of bed.

Hugging Face's LeRobot, their cute little open-source robotics darling with nearly 24,000 GitHub stars and apparently zero people assigned to security review, is sitting wide open with a hole in the fence so large a whole pack of coyotes could trot through in single file wearing little hats.

CVE-2026-25874. Untrusted data deserialization. Unauthenticated remote code execution.

For the Lambs in the back: that means a wolf doesn't need a password, a key, or even a polite knock. They just send the platform some specially crafted data, the platform trustingly chews on it like it's fresh grain, and suddenly someone else is running code on your machine. Or your robot. Your physical, moving, actuator-having robot.

Let that sink in for a second.

The vulnerability lives in the deserialization layer, which is a fancy way of saying the software was happily accepting input from the internet and converting it into executable instructions without once asking "wait, should I be doing this?" Classic. I have coworkers with better threat instincts and they click every single fake grain link in our phishing simulations.

No authentication required. No special privileges. Just vibes and a malicious payload.

The Shepherds, I'm sure, are currently in a meeting deciding whether this warrants a slide in the next quarterly review deck. Meanwhile the electric fence is decorative and the flock is grazing directly next to the breach.

LeRobot has nearly 24,000 stars on GitHub. That's 24,000 people who thought "yes, I will use this for my robotics project" and apparently a much smaller number who thought "yes, I will also check if it executes arbitrary code from strangers on the internet." Spoiler: it does.


Remediation (Yes, You Have To)

Stop deploying LeRobot in any internet-facing or networked context until a patch drops. Full stop. Air gap it if you have to.

Watch for an official fix from Hugging Face and apply it the moment it exists. No waiting. No "we'll get to it next sprint." You shear the sheep now or the ticks win.

Audit anything that's already been running. If it touched untrusted input, assume compromise and work backwards.

And for the love of all things pastoral, stop exposing robotics infrastructure to the open internet without authentication. I shouldn't have to say this. I'm too tired to say this.
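What "authenticate first, then parse as data only" looks like on a receiving endpoint, as an added example that is not LeRobot's code and not from the original report. The report summary above does not name the serialization format, so Python's `pickle` is an assumption here, and `sign`, `receive` and `DataOnlyUnpickler` are hypothetical names.

```python
import hashlib
import hmac
import io
import pickle

TAG_LEN = 32  # length of an HMAC-SHA256 tag


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain data (dict, list, str, numbers) loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def sign(key: bytes, payload: bytes) -> bytes:
    """Sender side: prepend an HMAC-SHA256 tag to the serialized payload."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def receive(key: bytes, frame: bytes):
    """Receiver side: verify the tag before any parsing, then load data only."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short")
    tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise PermissionError("unauthenticated frame rejected before deserialization")
    return DataOnlyUnpickler(io.BytesIO(payload)).load()


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    good = sign(key, pickle.dumps({"joint_targets": [0.1, 0.2]}))
    print(receive(key, good))
    # A frame nobody signed never reaches the parser.
    try:
        receive(key, b"\x00" * TAG_LEN + pickle.dumps({"x": 1}))
    except PermissionError as err:
        print("rejected:", err)
    # Even a signed frame cannot pull in a callable: find_class blocks it.
    try:
        receive(key, sign(key, pickle.dumps(len)))
    except pickle.UnpicklingError as err:
        print("rejected:", err)
```

The tag check covers the missing authentication and the restricted unpickler is defense in depth if the key leaks; a data-only format such as JSON removes the second problem entirely.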

Unsheared, unpatched, and deeply over it.


Original Report: https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html