CVE-2026-1579 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 31, 2026
PX4 MAVLink - Authentication Bypass
Published: March 31, 2026 | Updated: March 31, 2026 | Remote Exploitable
Overview
The PX4 MAVLink communication protocol, when MAVLink 2.0 message signing is not enabled, contains an authentication bypass caused by a lack of cryptographic authentication. Unauthenticated attackers can send arbitrary messages, including SERIAL_CONTROL. Exploitation requires MAVLink 2.0 message signing to be disabled.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can send arbitrary commands, including commands that give interactive shell access, potentially leading to full system compromise.
Mitigation
Enable MAVLink 2.0 message signing or update to the latest version with signing enabled.
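The check that signing adds on the receiving side, shown as an added example (not PX4 code and not from the original advisory): a gate that follows the MAVLink 2 signing layout, rejecting unsigned frames such as SERIAL_CONTROL and frames whose 48-bit SHA-256 tag or timestamp does not verify. The key, the sample frames, and the names `SigningGate`, `signature_block` and `build_frame` are constructed for illustration; CRC validation and the spec's timestamp-age window are left out.

```python
import hashlib
import hmac

MAGIC_V2, IFLAG_SIGNED, MSG_SERIAL_CONTROL = 0xFD, 0x01, 126
HDR_LEN, CRC_LEN, SIG_LEN = 10, 2, 13

def signature_block(key, body, link_id, ts):
    """link id (1) + timestamp (6, LE) + first 6 bytes of SHA-256(key|body|link|ts)."""
    tail = bytes([link_id]) + ts.to_bytes(6, "little")
    return tail + hashlib.sha256(key + body + tail).digest()[:6]

class SigningGate:
    """Accepts only correctly signed, non-replayed MAVLink 2 frames."""
    def __init__(self, key):
        self.key, self.last_ts = key, {}

    def check(self, frame):
        if len(frame) < HDR_LEN + CRC_LEN or frame[0] != MAGIC_V2:
            return "REJECT not-mavlink2"
        msgid = int.from_bytes(frame[7:10], "little")
        name = "SERIAL_CONTROL" if msgid == MSG_SERIAL_CONTROL else f"msg-{msgid}"
        body_len = HDR_LEN + frame[1] + CRC_LEN
        if not frame[2] & IFLAG_SIGNED:
            return f"REJECT unsigned {name}"
        if len(frame) != body_len + SIG_LEN:
            return f"REJECT malformed {name}"
        body, sig = frame[:body_len], frame[body_len:]
        ts = int.from_bytes(sig[1:7], "little")
        if not hmac.compare_digest(signature_block(self.key, body, sig[0], ts), sig):
            return f"REJECT bad-signature {name}"
        stream = (frame[5], frame[6], sig[0])  # sysid, compid, link id
        if ts <= self.last_ts.get(stream, -1):
            return f"REJECT replayed {name}"
        self.last_ts[stream] = ts
        return f"ACCEPT {name}"

def build_frame(msgid, payload, key=None, ts=0, link_id=0):
    """Constructed sample frame; the CRC is a placeholder and is not validated here."""
    flags = IFLAG_SIGNED if key else 0
    hdr = bytes([MAGIC_V2, len(payload), flags, 0, 0, 255, 190]) + msgid.to_bytes(3, "little")
    body = hdr + payload + b"\x00\x00"
    return body + (signature_block(key, body, link_id, ts) if key else b"")

KEY = bytes(range(32))  # constructed 32-byte secret key
def demo():
    gate = SigningGate(KEY)
    signed = build_frame(MSG_SERIAL_CONTROL, b"\x0a" * 79, KEY, ts=1000)
    return [gate.check(build_frame(MSG_SERIAL_CONTROL, b"\x0a" * 79)),
            gate.check(signed), gate.check(signed),
            gate.check(build_frame(0, b"\x00" * 9, b"\x01" * 32, ts=2000))]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
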
Details
- CVE ID: CVE-2026-1579
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H