Home / Vulnerability Intelligence / CVE-2026-26742

CVE-2026-26742 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 11, 2026

PX4 Autopilot - Authentication Bypass

Published: March 10, 2026Updated: March 11, 2026

Overview

PX4 Autopilot 1.12.x through 1.15.x contains a protection mechanism failure caused by incorrect application of in-air emergency re-arm logic to ground scenarios, letting pilots bypass pre-flight safety checks and cause loss of control, exploit requires switching to Manual mode and re-arming within 5 seconds of automatic landing.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Pilot can bypass safety checks and cause immediate high-thrust takeoff, potentially leading to loss of vehicle control and crash.

Mitigation

Update to a version later than 1.15.x or latest available version.

References

https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md

Related Resources

Details

CVE ID: CVE-2026-26742
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H