Go2 Edu Firmware

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-27509 HIGH POC This Week

Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.

Python Go2 Firmware Go2 Edu Firmware

NVD

CVSS 3.1

8.0

EPSS

0.0%

CVE-2026-27509

EPSS 0% CVSS 8.0

HIGH POC This Week

Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.

Python Go2 Firmware Go2 Edu Firmware

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy