Skip to main content

Autopilot

1 CVEs product

Monthly

CVE-2026-1579 CRITICAL CISA NEWS Emergency

Unauthenticated remote code execution in PX4 Autopilot via MAVLink protocol allows network attackers to execute arbitrary commands through SERIAL_CONTROL messages when message signing is disabled. The MAVLink 2.0 protocol in PX4 accepts unsigned messages by default, enabling any party with network access to the MAVLink interface to send interactive shell commands without cryptographic authentication. EPSS data not provided; no KEV status confirmed; reported by ICS-CERT indicating potential operational technology impact.

Authentication Bypass Autopilot
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL Emergency

Unauthenticated remote code execution in PX4 Autopilot via MAVLink protocol allows network attackers to execute arbitrary commands through SERIAL_CONTROL messages when message signing is disabled. The MAVLink 2.0 protocol in PX4 accepts unsigned messages by default, enabling any party with network access to the MAVLink interface to send interactive shell commands without cryptographic authentication. EPSS data not provided; no KEV status confirmed; reported by ICS-CERT indicating potential operational technology impact.

Authentication Bypass Autopilot
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy