{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihtbwqctrghrmfwtky2pu44jsutbxzcyseavn7kqizp6wlvl4ujpy",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mkkmxmhi24y2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidkucfz3b2voethnzzj5wrxgvn6v2ov3fc6aa3lsn5w5gyxybhvui"
    },
    "mimeType": "image/jpeg",
    "size": 287595
  },
  "path": "/2026/04/critical-cve-2026-25874-leaves-hugging.html",
  "publishedAt": "2026-04-28T11:18:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.\nThe vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the",
  "title": "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE"
}