{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiam5ap7cd5pcndijrydp4nywehflqfywfmfzrrxmcjhcf5fq64tr4",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mkrhlf6dvzc2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiggwubajubwkxpggtbktch2gqv3yxuweebkklfswm5pyidyq4dlb4"
    },
    "mimeType": "image/webp",
    "size": 24528
  },
  "path": "/hugging-face-lerobot-flaw-enables-unauthenticated-remote-code-execution/",
  "publishedAt": "2026-04-30T16:59:45.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Hugging Face LeRobot flaw enables unauthenticated remote code execution",
    "VPN Central"
  ],
  "textContent": "A critical vulnerability in Hugging Face LeRobot can let unauthenticated attackers run commands on systems that expose the framework’s async inference service to a network. The flaw is tracked as CVE-2026-25874 and affects LeRobot versions through 0.5.1. VulnCheck rates it as critical with a 9.3 CVSS v4 score, while NVD lists a 9.8 CVSS v3.1 […]\n\nThe post Hugging Face LeRobot flaw enables unauthenticated remote code execution appeared first on VPN Central.",
  "title": "Hugging Face LeRobot flaw enables unauthenticated remote code execution"
}