Tag: unauthenticated vulnerability

1 article

Industrial robot on a factory floor with blurred control panel and company logo nearby.

Unpatched Flaw Exposes Hugging Face LeRobot to Remote Code Execution

A critical, unpatched vulnerability in Hugging Face's LeRobot platform, rated CVSS 9.3, allows hackers to remotely execute code by exploiting Python's insecure pickle format, putting users at risk of devastating attacks. This flaw enables unauthenticated attackers to gain control by deserializing malicious data sent over unsecured channels.

Analyst 207