A critical remote code execution (RCE) vulnerability has been identified in Hugging Face’s LeRobot, an open-source robotics machine learning framework widely adopted across the AI and research community. Tracked as CVE-2026-25874, the flaw carries a CVSS score of 9.8, enabling unauthenticated attackers to execute arbitrary system commands on vulnerable deployments. With more than 21,500 GitHub […] The post Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks appeared first on Cyber Security News.