Researcher Valentin Lobstein of VulnCheck disclosed CVE-2026-25874, a CVSS-9.3 vulnerability in Hugging Face's LeRobot framework: the async inference PolicyServer uses Python's pickle.loads() to deserialize attacker-controlled data over unauthenticated, unencrypted gRPC endpoints, enabling unauthenticated remote code execution on both server and client. A second researcher had independently reported the same flaw in December 2025 without resolution. No patch exists; Hugging Face has acknowledged the affected code "needs to be almost entirely refactored" and plans a fix in version 0.6.0. The risk is amplified because LeRobot typically runs with elevated privileges and direct access to physical robotics hardware, making exploitation a physical-safety concern, not just a data-security one.