Platform: other
Component: csaf
Fixed in: 1.16.1
CVE-2026-1579 is a critical vulnerability affecting the PX4 Autopilot system. It stems from a lack of default cryptographic authentication in the MAVLink communication protocol. This allows an attacker with access to the MAVLink interface to send malicious commands, including SERIAL_CONTROL, granting interactive shell access. The vulnerability impacts versions 1.16.0 SITL–v1.16.0 SITL, and mitigation involves enabling MAVLink 2.0 message signing.
The primary impact of CVE-2026-1579 is the potential for unauthorized control of the PX4 Autopilot system. An attacker can leverage the lack of authentication to inject malicious commands through the MAVLink interface, effectively gaining interactive shell access. This could lead to complete system compromise, including modification of flight parameters, data exfiltration, or even hijacking of the autopilot's control. The SERIAL_CONTROL message is particularly concerning as it provides a direct channel for command execution. This vulnerability is analogous to scenarios where unauthenticated access to a critical system component can lead to full system takeover.
CVE-2026-1579 was publicly disclosed on 2026-03-31. There is no EPSS score available at this time. Public proof-of-concept exploits are not yet known, but the ease of exploitation due to the lack of authentication suggests a potential for rapid development. The vulnerability is listed on the CISA KEV catalog, indicating a heightened level of concern. Active campaigns are not currently confirmed.
Exploit Status
EPSS: 0.09% (25th percentile)
The primary mitigation for CVE-2026-1579 is to enable MAVLink 2.0 message signing. This cryptographic authentication mechanism ensures that only signed messages are accepted, preventing unauthorized commands from being executed. Configuration involves enabling signing within the PX4 Autopilot configuration files. If upgrading PX4 is not immediately feasible, consider implementing network segmentation to restrict access to the MAVLink interface. Monitor MAVLink traffic for unexpected or unauthorized commands. After enabling MAVLink 2.0 message signing, confirm functionality by attempting to send an unsigned MAVLink command and verifying that it is rejected.
Enable MAVLink 2.0 message signing to require cryptographic authentication for all MAVLink communications. This will reject unsigned messages at the protocol level, preventing unauthorized access to critical functions like SERIAL_CONTROL.
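The check that signing puts in front of SERIAL_CONTROL (and every other message) is shown below as an added example; it is not PX4 or MAVLink project code. It builds a MAVLink 2 frame, signs it the way the protocol specifies (first 48 bits of SHA-256 over the 32-byte secret key, the frame from magic byte through CRC, the link id and the 6-byte timestamp) and then runs a receiver-side verifier that rejects unsigned frames, tampered frames, replays with a non-increasing timestamp, and timestamps outside a freshness window. The secret key, the 1-minute window, the SERIAL_CONTROL message id and CRC_EXTRA value, and the payload bytes are constructed assumptions for the demonstration; real SERIAL_CONTROL field encoding is not modelled.

```python
"""MAVLink 2 message signing, receiver side (added example, not PX4/MAVLink code).

Frame layout: 0xFD | len | incompat | compat | seq | sysid | compid | msgid (3, LE)
              | payload | CRC16 (2, LE) | [link_id | timestamp (6, LE) | sig (6)]
"""
import hashlib
import hmac
import struct

SIGNING_FLAG = 0x01                 # incompat_flags bit: frame carries a signature
MSG_ID_SERIAL_CONTROL = 126         # assumed id from the MAVLink common dialect
CRC_EXTRA_SERIAL_CONTROL = 220      # assumed CRC_EXTRA for that message
MAX_SKEW = 6_000_000                # assumed window: 1 minute in 10 us units
SECRET_KEY = hashlib.sha256(b"constructed demo passphrase").digest()  # 32-byte demo key


def x25_crc(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/X.25 accumulator as used by MAVLink."""
    for b in data:
        tmp = (b ^ (crc & 0xFF)) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc


def build_frame(seq, sysid, compid, msgid, payload, crc_extra, signing=None):
    """Build a MAVLink 2 frame; signing=(link_id, timestamp) signs it with SECRET_KEY."""
    incompat = SIGNING_FLAG if signing else 0
    header = struct.pack("<BBBBBBB", 0xFD, len(payload), incompat, 0, seq, sysid, compid)
    header += msgid.to_bytes(3, "little")
    crc = x25_crc(header[1:] + payload + bytes([crc_extra]))   # CRC skips the magic byte
    frame = header + payload + struct.pack("<H", crc)
    if signing:
        link_id, ts = signing
        ts_bytes = ts.to_bytes(6, "little")
        sig = hashlib.sha256(SECRET_KEY + frame + bytes([link_id]) + ts_bytes).digest()[:6]
        frame += bytes([link_id]) + ts_bytes + sig
    return frame


class SigningVerifier:
    """Tracks the last accepted timestamp per (link_id, sysid, compid) stream."""

    def __init__(self, require_signing=True, max_skew=MAX_SKEW):
        self.require_signing = require_signing
        self.max_skew = max_skew
        self.last_ts = {}

    def check(self, frame: bytes, now_ts: int):
        """Return (accepted, reason). now_ts is the receiver's own signing clock."""
        if len(frame) < 12 or frame[0] != 0xFD:
            return False, "not a MAVLink 2 frame"
        length, incompat, sysid, compid = frame[1], frame[2], frame[5], frame[6]
        end = 10 + length + 2                      # header + payload + CRC
        if not (incompat & SIGNING_FLAG):
            if self.require_signing:
                return False, "unsigned frame rejected"
            return True, "unsigned accepted (signing not required)"
        if len(frame) != end + 13:
            return False, "truncated signature"
        body, link_id = frame[:end], frame[end]
        ts_bytes = frame[end + 1:end + 7]
        ts = int.from_bytes(ts_bytes, "little")
        expected = hashlib.sha256(SECRET_KEY + body + bytes([link_id]) + ts_bytes).digest()[:6]
        if not hmac.compare_digest(expected, frame[end + 7:end + 13]):
            return False, "bad signature"
        stream = (link_id, sysid, compid)
        if ts <= self.last_ts.get(stream, -1):      # replay or reordered stale frame
            return False, "replayed/stale timestamp"
        if abs(ts - now_ts) > self.max_skew:
            return False, "timestamp outside accepted window"
        self.last_ts[stream] = ts
        return True, "accepted"


def demo() -> dict:
    """Exercise the verifier on constructed frames and return the verdict per case."""
    payload = b"\x0a\x01" + bytes(8) + b"constructed"   # stand-in bytes, not real field encoding
    now = 20_000_000                                     # constructed receiver clock
    args = (255, 190, MSG_ID_SERIAL_CONTROL, payload, CRC_EXTRA_SERIAL_CONTROL)
    good = build_frame(0, *args, signing=(1, now))
    unsigned = build_frame(1, *args)
    stale = build_frame(2, *args, signing=(1, now - 7_000_000))
    tampered = bytearray(good)
    tampered[10] ^= 0x01                                 # flip first payload byte
    v = SigningVerifier()
    return {
        "signed": v.check(good, now)[1],
        "replay": v.check(good, now)[1],
        "tampered": v.check(bytes(tampered), now)[1],
        "unsigned": v.check(unsigned, now)[1],
        "stale": SigningVerifier().check(stale, now)[1],
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:9s} -> {verdict}")
```

The per-stream timestamp state is what makes the check more than a MAC: without it, a captured signed SERIAL_CONTROL frame could simply be resent, so a verifier that drops the replay branch is not a faithful implementation of the mitigation.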
CVE-2026-1579 is a critical vulnerability in PX4 Autopilot versions 1.16.0 SITL–v1.16.0 SITL that allows unauthenticated access to the system via the MAVLink protocol, enabling interactive shell access.
If you are using PX4 Autopilot versions 1.16.0 SITL–v1.16.0 SITL and have not enabled MAVLink 2.0 message signing, you are potentially affected by this vulnerability.
Enable MAVLink 2.0 message signing in your PX4 Autopilot configuration. This will require modifying configuration files and ensuring that all MAVLink communication is properly authenticated.
While active exploitation is not currently confirmed, the ease of exploitation due to the lack of authentication suggests a potential for rapid development and deployment of exploits.
Refer to the official PX4 Autopilot documentation and security advisories on the PX4 Autopilot website for the latest information and guidance regarding CVE-2026-1579.