Unitree Firmware Update Encryption Compromised, Allows Tampering

Summary

Unitree's firmware update encryption has a flaw that makes it possible for unauthorized users to alter firmware updates, which could be installed on devices like the Unitree Go2 and other models. This means that an attacker could potentially install malicious firmware without the owner's knowledge. To protect your device, you should check with Unitree for a fix or a new update that addresses this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
unitree	go2_edu_standard_firmware	All versions	–
unitree	go2_air_firmware	All versions	–
unitree	go2_pro_firmware	All versions	–
unitree	go2_x_firmware	All versions	–
unitree	go1_air_firmware	All versions	–
unitree	go1_pro_firmware	All versions	–
unitree	go2_edu_plus_firmware	All versions	–

Original title

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by ...

Original description

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.

nvd CVSS3.1 7.8

Vulnerability type

CWE-321 Use of Hard-coded Cryptographic Key