Cyber Resilience

CVE-2026-1442

HighPublic PoC

Published: 27 February 2026

Published
27 February 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1442 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Unitree Go2 Edu Standard Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SC-12 (Cryptographic Key Establishment and Management).

Deeper analysis

CVE-2026-1442 affects the firmware update process in Unitree robotics products, including the Unitree Go2 and all current offerings as of February 26, 2026. The encryption algorithm used to protect these updates relies on key material available to attackers or anyone paying attention, enabling unauthorized alteration of firmware packages. Devices trust these tampered updates, constituting a vulnerability in both firmware generation and extraction processes. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-321.

An attacker with local access can exploit this vulnerability with low complexity, no privileges required, but needing user interaction, such as convincing the equipment owner to apply a modified update. Successful exploitation allows insertion of altered firmware that the device accepts as legitimate, potentially compromising confidentiality, integrity, and availability to a high degree. At the time of disclosure on February 27, 2026, no publicly-documented mechanism existed to subvert the update process without the owner's knowledge.

References point to a GitHub repository (UniTEABag) and discussions on LinkedIn and X, which appear to detail the issue and possibly include proof-of-concept demonstrations, but no vendor advisories or patches are specified in the available information.

EU & UK References

Vulnerability details

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product,…

more

such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
T1542.002 Component Firmware Stealth
Adversaries may modify component firmware to persist on systems.
Why these techniques?

Weak hardcoded crypto in firmware updates directly enables creation and trusted installation of malicious firmware images loaded at boot.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27510Same vendor: Unitree
CVE-2026-27509Same vendor: Unitree
CVE-2025-34256Shared CWE-321
CVE-2025-15016Shared CWE-321
CVE-2025-67112Shared CWE-321
CVE-2025-27674Shared CWE-321
CVE-2025-30234Shared CWE-321
CVE-2025-59407Shared CWE-321
CVE-2026-33362Shared CWE-321
CVE-2026-26335Shared CWE-321

Affected Assets

unitree
go2 edu standard firmware
all versions
unitree
go2 air firmware
all versions
unitree
go2 pro firmware
all versions
unitree
go2 x firmware
all versions
unitree
go1 air firmware
all versions
unitree
go1 pro firmware
all versions
unitree
go2 edu plus firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventdetect

Implements integrity verification mechanisms such as cryptographic hashes or digital signatures to detect and prevent installation of tampered firmware updates.

prevent

Requires firmware update components to be digitally signed, ensuring devices only trust and apply authentic, untampered updates from authorized sources.

prevent

Establishes and manages cryptographic keys used for firmware update encryption securely, preventing attacker access to key material needed for tampering.

References