
Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks
A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to execute arbitrary system commands on vulnerable host machines. With nearly 24,000 stars on GitHub, this […]
The post Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks appeared first on Cyber Security News.