Post #18600

📰 Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the. 🔗 Source: https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html #opensource