CVE-2026-27509

High CVSS: 8.5

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publish a crafted message (api_id=1002) containing arbitrary Python, which the robot writes to disk under /unitree/etc/programming/ and binds to a physical controller keybinding. When the keybinding is pressed, the code executes as root and the binding persists across reboots.

Vendor

Unitree

Product

Go2 Firmware

CWE

CWE-306

Yayın Tarihi

2026-02-26 20:31:38

Güncelleme

2026-03-12 20:17:02

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Go2 Firmware HIGH Unitree 2026

Referanslar

https://boschko.ca/unitree-go2-rce/ https://shop.unitree.com/products/unitree-go2 https://www.vulncheck.com/advisories/unitree-go2-missing-dds-authentication-enables-adjacent-rce

Benzer Kayıtlar

High

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an a…

Medium

CVE-2026-27510

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg…

High

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a com…

High

CVE-2025-45466

Unitree Go1

High

CVE-2025-45467

Unitree Go1

Medium

CVE-2025-2894

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an u…