A critical vulnerability in Hugging Face’s LeRobot allows unauthenticated remote code execution.
The flaw stems from unsafe pickle deserialization over unsecured gRPC channels, enabling attackers to execute arbitrary commands on AI systems and robot clients.
sctocs.com/huggingface-...
A critical unpatched flaw leaves Hugging Face LeRobot vulnerable to unauthenticated RCE, raising serious concerns over AI platform security.
