CVE-2026-27510
Received - Intake
Remote Code Execution in Unitree Go2 Firmware via Python Injection

Publication date: 2026-02-26

Last updated on: 2026-03-12

Assigner: VulnCheck

Description
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: unitree
Product: go2_firmware
Version / Range: from 1.1.7 (inclusive) to 1.1.11 (inclusive)
CWE
CWE-345: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27510 affects Unitree Go2 firmware versions 1.1.7 through 1.1.11 when used with the Unitree Go2 Android application. The vulnerability is due to missing integrity protection and validation of user-created programs stored in the app's local SQLite database. The robot executes Python code from these programs as root without verifying their integrity or validating their content. An attacker with local access to the Android device can tamper with stored programs to inject arbitrary Python code that executes with root privileges when triggered by a controller keybinding. This malicious code persists across reboots. Additionally, malicious programs shared through the app's community marketplace can cause arbitrary code execution on any robot that imports and runs them.


How can this vulnerability impact me?

This vulnerability allows an attacker with local access to the Android device to execute arbitrary Python code on the robot with root privileges. This can lead to unauthorized control over the robot, potentially compromising its confidentiality, integrity, and availability. The malicious code can persist across reboots, making the attack persistent. Moreover, malicious programs distributed through the community marketplace can infect multiple robots, increasing the scope of impact.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves tampering with the local SQLite database (unitree_go2.db) used by the Unitree Go2 Android application, specifically the dog_programme table and its pyCode field. Detection involves inspecting this database for unauthorized or suspicious modifications to stored programs.

On the Android device, you can extract and query the SQLite database to check for unexpected or malicious Python code in the dog_programme table.

- Use adb to pull the database: adb pull /data/data/com.unitree.doggo2/databases/unitree_go2.db
- Use sqlite3 to inspect the dog_programme table: sqlite3 unitree_go2.db "SELECT id, programme_text, pyCode FROM dog_programme;"

Look for unusual or suspicious Python code in the pyCode field that could indicate tampering.

Additionally, monitor the robot's actuator_manager.py execution logs (if accessible) for unexpected root-level Python executions triggered by controller keybindings.
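The inspection described above, carried out offline against a copy of the database, as an added example (this is editor-written code, not part of the page and not Unitree's). Two points it makes that the commands alone do not: the CVE description says the pyCode field travels inside programme_text, so the script parses it out of that column rather than expecting a pyCode column; and keyword heuristics alone miss a careful attacker, so each record's pyCode is also hashed and compared with a baseline recorded the last time the user reviewed their programs. Assumptions, marked in the code: the dog_programme table has id, name and programme_text columns, programme_text is a JSON object with a pyCode string, and the sport.* calls in the constructed sample programs stand in for whatever API the robot exposes. Pulling the real file with adb as shown above needs a rooted device or a debuggable build of the app, because /data/data/com.unitree.doggo2 is not readable by the shell user otherwise.

```python
"""Scan a copy of unitree_go2.db for tampered pyCode in dog_programme.

Added example with assumed schema; see comments marked 'assumption'.
"""
import hashlib
import json
import os
import re
import sqlite3
import tempfile
from dataclasses import dataclass

# Heuristics for Python that has no business in a locomotion routine.
# Order matters only for the order of reasons reported.
SUSPICIOUS_PATTERNS = [
    (r"\b(import|from)\s+(os|subprocess|socket|ctypes|pty|shutil)\b", "system/network module"),
    (r"\bos\.(system|popen|exec\w*)\s*\(|\bsubprocess\.", "spawns a process"),
    (r"\b(exec|eval|compile|__import__)\s*\(", "dynamic code execution"),
    (r"\bb64decode\s*\(|\bzlib\.decompress\s*\(", "decodes an embedded payload"),
    (r"/etc/(passwd|shadow|crontab)|/root/|authorized_keys", "references sensitive paths"),
]


@dataclass(frozen=True)
class Finding:
    row_id: int
    name: str
    sha256: str      # hash of the extracted pyCode, for baseline comparison
    reasons: tuple   # empty tuple means no heuristic matched


def extract_pycode(programme_text):
    """Return the pyCode carried inside programme_text.

    Assumption: programme_text is a JSON object with a 'pyCode' string.
    If it is not valid JSON the raw text is returned so it still gets scanned.
    """
    try:
        doc = json.loads(programme_text)
    except (TypeError, ValueError):
        return programme_text or ""
    if isinstance(doc, dict) and isinstance(doc.get("pyCode"), str):
        return doc["pyCode"]
    return ""


def scan_pycode(code):
    """Return the labels of every heuristic that matches the code."""
    return tuple(label for pattern, label in SUSPICIOUS_PATTERNS if re.search(pattern, code))


def scan_database(db_path):
    """One Finding per stored programme.

    Assumption: dog_programme has integer id, text name and text programme_text columns.
    """
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT id, name, programme_text FROM dog_programme ORDER BY id"
        ).fetchall()
    finally:
        conn.close()
    findings = []
    for row_id, name, programme_text in rows:
        code = extract_pycode(programme_text)
        digest = hashlib.sha256(code.encode("utf-8")).hexdigest()
        findings.append(Finding(row_id, name, digest, scan_pycode(code)))
    return findings


def changed_since_baseline(findings, baseline):
    """Ids whose pyCode hash differs from the baseline {row_id: sha256 hex}.

    Records absent from the baseline count as changed: an attacker can add a row
    as easily as edit one.
    """
    return [f.row_id for f in findings if baseline.get(f.row_id) != f.sha256]


# Constructed sample programmes; sport.* is an assumed robot API, not Unitree's.
BENIGN_CODE = "sport.Move(0.3, 0.0, 0.0)\nsport.Sit()\n"
TAMPERED_CODE = BENIGN_CODE + "import os\nos.system('ATTACKER_COMMAND')\n"  # constructed payload


def build_sample_db(db_path):
    """Create a constructed dog_programme table: one clean row, one tampered row."""
    conn = sqlite3.connect(db_path)
    with conn:
        conn.execute(
            "CREATE TABLE dog_programme (id INTEGER PRIMARY KEY, name TEXT, programme_text TEXT)"
        )
        conn.executemany(
            "INSERT INTO dog_programme (id, name, programme_text) VALUES (?, ?, ?)",
            [
                (1, "walk-and-sit", json.dumps({"pyCode": BENIGN_CODE})),
                (2, "dance", json.dumps({"pyCode": TAMPERED_CODE})),
            ],
        )
    conn.close()


def demo():
    """Build the constructed database, scan it, return (flagged_ids, changed_ids)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        build_sample_db(path)
        findings = scan_database(path)
        # Baseline taken when the user last reviewed both programmes as clean.
        clean = hashlib.sha256(BENIGN_CODE.encode("utf-8")).hexdigest()
        baseline = {1: clean, 2: clean}
        flagged = [f.row_id for f in findings if f.reasons]
        changed = changed_since_baseline(findings, baseline)
        return flagged, changed
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Run it against a pulled copy by calling scan_database("unitree_go2.db") and keeping the returned hashes as the next baseline; a row that changes hash without the user having edited it is the signal that matters, whether or not a heuristic fires.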


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately restrict local access to the Android device running the Unitree Go2 app to prevent attackers from tampering with the stored programs.

Avoid importing or running programs from the community marketplace until a patch or update is available that adds integrity protection and validation.

If possible, update the Unitree Go2 firmware and Android application to versions beyond 1.1.11 where this vulnerability is fixed.

As a temporary measure, regularly inspect the dog_programme table in the unitree_go2.db SQLite database for unauthorized modifications and remove suspicious entries.

Consider disabling or restricting the execution of user-created programs until the vulnerability is addressed.
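The control the description says is missing is integrity verification on the robot before any pyCode runs. The following stdlib-only Python is an added example of that gate (editor-written; it is not Unitree's actuator_manager.py and the record layout {id, version, pyCode, tag} is assumed). The vulnerable pattern, exec of whatever the app sent, sits beside a version that refuses a record whose tag no longer matches. In the model assumed here the robot seals a program when the authenticated user creates it and checks the tag on every run, so a record altered afterwards in the phone's database fails verification; HMAC-SHA256 with a key that never leaves the robot stands in for a signature. Marketplace programs would need a vendor-held asymmetric key instead, so that the robot only holds a public key. Two caveats the code states in comments: filtering Python for dangerous imports is not a substitute for authenticity, and the gate does nothing about the root privilege, which has to be removed separately by dropping privileges before exec.

```python
"""Integrity gate in front of exec() of a user programme. Added example.

Assumed record layout: {"id": str, "version": int, "pyCode": str, "tag": hex}.
"""
import hashlib
import hmac
import secrets


def _canonical(program_id, py_code, version):
    """Length-prefixed encoding of every field the tag binds, so bytes cannot be
    shifted between fields without changing the encoding."""
    parts = [str(version).encode(), program_id.encode(), py_code.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


class ProgramSealer:
    """Holds the robot-side MAC key. seal() runs when an authenticated user
    creates a programme; verify() runs before every execution. HMAC stands in
    for a signature here; marketplace content would need a vendor public key."""

    def __init__(self, key):
        if len(key) < 32:
            raise ValueError("key must be at least 256 bits")
        self._key = key

    def _tag(self, record):
        msg = _canonical(record["id"], record["pyCode"], record["version"])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def seal(self, record):
        return {**record, "tag": self._tag(record)}

    def verify(self, record):
        # compare_digest: constant-time, so the check does not leak by timing.
        return hmac.compare_digest(self._tag(record), record.get("tag", ""))


class RobotApi:
    """Constructed stand-in for the robot's motion API; records calls."""

    def __init__(self):
        self.calls = []

    def Move(self, vx, vy, vyaw):
        self.calls.append(("Move", vx, vy, vyaw))

    def Sit(self):
        self.calls.append(("Sit",))


def run_program_unverified(record, api):
    """The vulnerable pattern: trust whatever pyCode the app transmitted."""
    exec(record["pyCode"], {"sport": api})
    return api.calls


def run_program(record, sealer, api):
    """Hardened: refuse anything whose tag does not verify.

    exec() is still a full-trust operation; the gate establishes who authored
    the code, it does not sandbox it, and it does not lower the privilege the
    executor runs with (drop to an unprivileged uid before this point).
    """
    if not sealer.verify(record):
        return False, "integrity check failed for programme %r" % record.get("id")
    exec(record["pyCode"], {"sport": api})
    return True, api.calls


def demo():
    """Seal a constructed programme, run it, then run a tampered copy."""
    sealer = ProgramSealer(secrets.token_bytes(32))
    record = sealer.seal({
        "id": "walk-and-sit",
        "version": 1,
        "pyCode": "sport.Move(0.3, 0.0, 0.0)\nsport.Sit()\n",  # constructed, sport.* assumed
    })
    ok, calls = run_program(record, sealer, RobotApi())
    # What an attacker with access to the phone's database would do: edit pyCode in place.
    tampered = {**record, "pyCode": record["pyCode"] + "import os\nos.system('ATTACKER_COMMAND')\n"}
    refused, reason = run_program(tampered, sealer, RobotApi())
    return ok, calls, refused, reason


if __name__ == "__main__":
    print(demo())
```

Binding the version into the tag means a rollback to an older, once-valid pyCode is also rejected once the robot stores the current version per id; binding the id means a valid program cannot be re-bound to another program's slot or keybinding.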

