CVE-2026-1442

HIGH EPSS 4.8%
Published Feb 27, 20264mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 27, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-321

Affected Products 14

VendorProductVersionRange
unitreego2_edu_plus_firmware*any
unitreego2_edu_plus*any
unitreego1_pro_firmware*any
unitreego1_pro*any
unitreego1_air_firmware*any
unitreego1_air*any
unitreego2_x_firmware*any
unitreego2_x*any
unitreego2_pro_firmware*any
unitreego2_pro*any
unitreego2_air_firmware*any
unitreego2_air*any
unitreego2_edu_standard_firmware*any
unitreego2_edu_standard*any

References 4

  • takeonme.org http://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001111111111110101111111111000000000000000000000000000000000000000000000000000000101
    ExploitThird Party Advisory
  • github.com https://github.com/Bin4ry/UniTEABag
    ExploitThird Party Advisory
  • linkedin.com https://www.linkedin.com/posts/kevin-finisterre-6431069a_in-case-you-want-to-teabag-unitree-robotics-activity-7432984361014091776-zB4D
    Third Party Advisory
  • x.com https://x.com/bin4rydigit/status/2027197985625420242
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.