216.73.216.215

CVE-2026-1579

· Published 31/03/2026 21:16 · Modified 01/04/2026 14:23

Labels: CVE-2026-1579 2026-03-31CVE-2026-1579CWE-306[email protected]

Essential information

Published
31/03/2026 21:16
Modified
01/04/2026 14:23
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
px4 / px4 cpe:2.3:a:px4:px4:*:*:*:*:*:*:*:*
mavlink / mavlink cpe:2.3:a:mavlink:mavlink:*:*:*:*:*:*:*:*

References