CVE-2026-1442

Published: Feb 27, 2026Modified: Mar 11, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: cve@takeonme.org (Secondary)

Description

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.

Affected (7)

Products: Unitree: Go2 Edu Standard Firmware, Go2 Air Firmware, Go2 Pro Firmware, Go2 X Firmware, Go1 Air Firmware, Go1 Pro Firmware, Go2 Edu Plus Firmware

Unitree

7 products

Go2 Edu Standard Firmware

Go2 Edu Plus Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go2 Edu Standard Firmware	All versions

Running on/with	Platform Versions
Unitree Go2 Edu Standard	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go2 Air Firmware	All versions

Running on/with	Platform Versions
Unitree Go2 Air	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go2 Pro Firmware	All versions

Running on/with	Platform Versions
Unitree Go2 Pro	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go2 X Firmware	All versions

Running on/with	Platform Versions
Unitree Go2 X	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go1 Air Firmware	All versions

Running on/with	Platform Versions
Unitree Go1 Air	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go1 Pro Firmware	All versions

Running on/with	Platform Versions
Unitree Go1 Pro	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Unitree Go2 Edu Plus Firmware	All versions

Running on/with	Platform Versions
Unitree Go2 Edu Plus	All versions

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (4)

http://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001111111111110101111111111000000000000000000000000000000000000000000000000000000101

Source: cve@takeonme.org

ExploitThird Party Advisory

https://github.com/Bin4ry/UniTEABag

Source: cve@takeonme.org

ExploitThird Party Advisory

https://www.linkedin.com/posts/kevin-finisterre-6431069a_in-case-you-want-to-teabag-unitree-robotics-activity-7432984361014091776-zB4D

Source: cve@takeonme.org

Third Party Advisory

https://x.com/bin4rydigit/status/2027197985625420242

Source: cve@takeonme.org

Third Party Advisory

Timeline

No history available yet.