Cybersecurity researchers have disclosed details of a critical
security flaw impacting LeRobot, Hugging Face's open-source
robotics platform with nearly 24,000 GitHub stars, that could be
exploited to achieve remote code execution. The vulnerability in
question is CVE-2026-25874 (CVSS score: 9.3), which has been
described as a case of untrusted data deserialization stemming from
the use of the
Read more https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html
