CVE-2026-27510

MEDIUM · CVSS 4.0: 6.4 · EPSS 20.8%
Published Feb 26, 2026 · Last Modified Mar 12, 2026

Description

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.

CVSS Details

Base Score: 6.4
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: A
Scope: X

Threat Intelligence

EPSS Exploit Probability: 20.8% percentile
Exploit & Patch Status: Public Exploit Known; No Patch Available

Weaknesses 1

CWE-345

Affected Products 2

Vendor    Product        Version   Range
unitree   go2_firmware   *         ≥1.1.7 – ≤1.1.11
unitree   go2            *         any

References 3

  • boschko.ca https://boschko.ca/unitree-go2-rce/
    Exploit, Third Party Advisory
  • shop.unitree.com https://shop.unitree.com/products/unitree-go2
    Product
  • vulncheck.com https://www.vulncheck.com/advisories/unitree-go2-mobile-program-tampering-enables-root-rce
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.