CVE-2026-26742
HIGHCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3Description
PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control.
Analysis
PX4 Autopilot versions 1.12.x through 1.15.x can be forced into an unsafe re-arm state when pilots switch to Manual mode and re-arm within 5 seconds of landing, bypassing critical pre-flight safety checks and throttle validation. This allows attackers or malicious pilots to trigger immediate high-thrust takeoff, resulting in loss of aircraft control. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all PX4 Autopilot deployments and identify systems running versions 1.12.x through 1.15.x; restrict flight operations for affected systems to supervised, isolated test environments only. Within 7 days: Contact PX4 vendor for patch availability and timeline; evaluate alternative autopilot platforms or older/newer PX4 versions not affected by this vulnerability. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today