Skip to main content

gazebo_plugins EUVDEUVD-2026-41221

| CVE-2026-38891 HIGH
Improper Input Validation (CWE-20)
2026-07-01 cve@mitre.org GHSA-866x-255q-hx3g
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated ROS topics give PR:N and a single crafted message gives AC:L; impact is a controller crash (A:H) with no confidentiality or integrity effect, though AV:N assumes ROS network reachability.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 02, 2026 - 17:00 vuln.today
CVSS changed
Jul 02, 2026 - 14:52 NVD
7.5 (HIGH)
CVE Published
Jul 01, 2026 - 22:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.

AnalysisAI

Denial of service in the gazebo_plugins package (v3.9.0), specifically the differential-drive controller gazebo_ros_diff_drive.cpp, lets attackers crash the affected simulation/robot-control node by publishing a specially crafted geometry_msgs::Twist velocity command. Any actor able to reach the relevant ROS topic can trigger the fault because the plugin fails to validate the incoming message before processing it (CWE-20). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach ROS topic network
Delivery
Publish crafted Twist message
Exploit
Trigger improper input validation
Execution
Crash diff-drive plugin
Impact
Denial of service on controller

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be able to publish a crafted geometry_msgs::Twist message onto the ROS topic consumed by the gazebo_ros_diff_drive controller in gazebo_plugins 3.9.0 - i.e., network reachability to the ROS graph/master (ROS 1 topics are unauthenticated by default, matching PR:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and point to a real but low-urgency issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the ROS network (e.g., a foothold on the robot LAN or an exposed ROS master) publishes a crafted geometry_msgs::Twist message to the diff-drive command topic, causing the gazebo_ros_diff_drive plugin to crash and denying control/simulation availability. Because the transport is unauthenticated and the trigger is a single scriptable message (SSVC Automatable=yes), no privileges or user interaction are needed; a public proof-of-concept video and write-up demonstrate the crash.
Remediation No vendor-released patched version is identified in the provided data at time of analysis, and EUVD does not enumerate a fixed release, so track the gazebo_plugins/gazebo_ros upstream project for a corrected release and upgrade off 3.9.0 once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running gazebo_plugins v3.9.0 and assess operational criticality; implement access controls restricting ROS topic publishers to authorized systems only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy