Plattform
other
Komponente
csaf
Behoben in
1.16.1
CVE-2026-1579 is a critical vulnerability affecting the PX4 Autopilot system. It stems from a lack of default cryptographic authentication in the MAVLink communication protocol. This allows an attacker with access to the MAVLink interface to send malicious commands, including SERIAL_CONTROL, granting interactive shell access. The vulnerability impacts versions 1.16.0 SITL–v1.16.0 SITL, and mitigation involves enabling MAVLink 2.0 message signing.
The impact of CVE-2026-1579 is severe. An attacker with access to the MAVLink interface can exploit this vulnerability to execute arbitrary commands on the PX4 Autopilot system. This could lead to complete system compromise, including unauthorized control of the drone, data exfiltration, and potential physical harm if the autopilot is controlling a vehicle or other critical infrastructure. The lack of authentication means that any entity within range of the MAVLink interface can potentially launch an attack, making this a significant security risk, particularly in environments where the autopilot is exposed to untrusted networks or individuals. The ability to send SERIAL_CONTROL messages effectively grants shell access, mirroring the impact of remote code execution (RCE).
CVE-2026-1579 was publicly disclosed on 2026-03-31. Currently, there is no indication of active exploitation or a public proof-of-concept (POC). The vulnerability is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation, given the lack of authentication, suggests a potential for future exploitation if a POC is released.
Organizations utilizing PX4 Autopilot in unmanned aerial vehicles (UAVs) or robotics applications are at risk. This includes drone enthusiasts, commercial drone operators, and researchers. Systems deployed in environments with limited physical security or exposed to untrusted networks are particularly vulnerable.
• linux / server: Monitor MAVLink traffic for unsigned messages using tools like Wireshark or tcpdump. Filter for MAVLink messages without the signing field set.
tcpdump -i <interface> 'mavlink and not sig_status'• generic web: Inspect MAVLink endpoints for exposure. Use curl to attempt sending unsigned commands and observe the response.
curl -v -X POST -d '...' <mavlink_endpoint>• other: Examine PX4 Autopilot configuration files for the presence and status of MAVLink 2.0 message signing. Look for configuration parameters related to MAVLINK_SIGNING or similar.
disclosure
Exploit-Status
EPSS
0.09% (25% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-1579 is to enable MAVLink 2.0 message signing. This cryptographic authentication mechanism rejects unsigned messages, preventing unauthorized commands from being executed. Configuration details vary depending on the PX4 Autopilot setup, but generally involve enabling the MAVLINK_SIGNING parameter in the autopilot configuration. If upgrading is not immediately feasible, consider restricting access to the MAVLink interface to trusted networks and devices. Monitor MAVLink traffic for unexpected or unauthorized messages. While a WAF is unlikely to be applicable, network segmentation and access control lists (ACLs) can help limit the attack surface. After enabling message signing, confirm functionality by attempting to send an unsigned MAVLink message; it should be rejected.
Aktivieren Sie die MAVLink 2.0 Nachrichtensignierung, um eine kryptografische Authentifizierung für alle MAVLink-Kommunikationen zu erzwingen. Dies lehnt unsignierte Nachrichten auf Protokollebene ab und verhindert so unautorisierten Zugriff auf kritische Funktionen wie SERIAL_CONTROL.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-1579 is a critical vulnerability in PX4 Autopilot versions 1.16.0 SITL–v1.16.0 SITL that allows unauthenticated access to the system via the MAVLink protocol, enabling interactive shell access.
If you are using PX4 Autopilot versions 1.16.0 SITL–v1.16.0 SITL and have not enabled MAVLink 2.0 message signing, you are potentially affected by this vulnerability.
Enable MAVLink 2.0 message signing in your PX4 Autopilot configuration. This will require modifying configuration files and ensuring that all MAVLink communication is properly authenticated.
While active exploitation is not currently confirmed, the ease of exploitation due to the lack of authentication suggests a potential for rapid development and deployment of exploits.
Refer to the official PX4 Autopilot documentation and security advisories on the PX4 Autopilot website for the latest information and guidance regarding CVE-2026-1579.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.