Home / Vulnerability Intelligence / CVE-2026-26741

CVE-2026-26741 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 11, 2026

PX4 Autopilot - Logic Flaw in Mode Switching

Published: March 10, 2026Updated: March 11, 2026

Overview

PX4 Autopilot 1.12.x through 1.15.x contains a logic flaw in mode switching from Auto to Manual while armed, caused by missing throttle threshold safety check, letting attackers cause rapid uncontrolled ascent and loss of control, exploit requires drone to be armed and mode switched.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can cause drone loss of control and rapid ascent, potentially leading to property damage.

Mitigation

Update to a version later than 1.15.x or the latest available version.

References

https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md

Related Resources

Details

CVE ID: CVE-2026-26741
Severity: High
CVSS Score: 8.1
Type: logic_flaw
Status: unconfirmed

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H