unitree 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥、vendor risk denial of service, and vendor risk command injection などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-1442 | Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the ti | [email protected] | 7.8 | 0.01% | 2026-02-27 | 2026-03-11 |
| CVE-2026-27510 | Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as roo | [email protected] | 6.4 | 0.10% | 2026-02-26 | 2026-03-12 |
| CVE-2026-27509 | Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publish a crafted message (api_id=1002) containing arbitrary Python, which the robot writes to disk under /unitree/etc/programming/ and binds to a physical controller keybinding. When the keybinding is pr | [email protected] | 8.5 | 0.07% | 2026-02-26 | 2026-05-26 |
| CVE-2025-35027 | Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two | [email protected] | 7.3 | 0.26% | 2025-09-26 | 2026-01-12 |
| CVE-2025-45466 | Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext. | [email protected] | 8.8 | 0.09% | 2025-07-25 | 2026-01-12 |
| CVE-2025-45467 | Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. | [email protected] | 7.1 | 0.05% | 2025-07-25 | 2026-01-12 |
| CVE-2025-2894 | The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. | [email protected] | 6.6 | 0.21% | 2025-03-28 | 2026-01-12 |
| CVE-2023-3104 | Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication. | [email protected] | 5.7 | 0.21% | 2023-11-22 | 2024-11-21 |
| CVE-2023-3103 | Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition. | [email protected] | 8.0 | 0.03% | 2023-11-22 | 2024-11-21 |
| CVE-2022-2675 | Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. | [email protected] | 6.5 | 0.23% | 2022-08-05 | 2024-11-21 |