CVE-2026-27510 - Vulnerability Analysis

Overview

Unitree Go2 firmware 1.1.7 through 1.1.11 with Unitree Go2 Android app contains a remote code execution vulnerability caused by missing integrity checks on user-created programs executed as root, letting attackers execute arbitrary Python code remotely or locally via tampered programs.

Severity & Score

Impact

Attackers can execute arbitrary code as root on the robot, leading to full system compromise.

Mitigation

Update Unitree Go2 firmware to a version later than 1.1.11 and update the Android application to the latest version with integrity checks.

References

• https://boschko.ca/unitree-go2-rce/
• https://shop.unitree.com/products/unitree-go2
• https://www.vulncheck.com/advisories/unitree-go2-mobile-program-tampering-enables-root-rce

Social Media Activity(2 posts)

/r/netsec

@_r_netsec

Feb 26, 2026

From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/

View original post

/r/netsec

@_r_netsec

Feb 26, 2026

From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner