Remote Code Execution Vulnerability in Unitree Go2 and Android Application

CVE-2026-27510

What is CVE-2026-27510?

The Unitree Go2 firmware (versions 1.1.7 to 1.1.11), when paired with the Unitree Go2 Android application, is susceptible to remote code execution. This critical flaw arises from inadequate integrity protection and validation of user-created programs stored within the app's SQLite database. The vulnerability allows an attacker with local access to the Android device to manipulate the stored program data, injecting malicious Python code that is then executed by the robot's actuator manager. This operation occurs without any integrity checks, enabling persistent malicious code execution across reboots. Additionally, code shared through the app's community marketplace poses serious risks as it can lead to arbitrary code execution on any robot that imports and executes such programs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References