CVE-2026-1579

Medienbericht

EPSS 0.08%
Veröffentlicht 31.03.2026 20:20:06
Zuletzt bearbeitet 07.04.2026 15:33:30
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The MAVLink communication protocol does not require cryptographic 
authentication by default. When MAVLink 2.0 message signing is not 
enabled, any message -- including SERIAL_CONTROL, which provides 
interactive shell access -- can be sent by an unauthenticated party with
 access to the MAVLink interface. PX4 provides MAVLink 2.0 message 
signing as the cryptographic authentication mechanism for all MAVLink 
communication. When signing is enabled, unsigned messages are rejected 
at the protocol level.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Px4 ≫ Autopilot Version1.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.244

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://thehackernews.com/2026/04/weekly-recap-axios-hack-chrome-0-day.html

Medienbericht

TheHackersNews

10.04.2026 15:19

https://docs.px4.io/main/en/mavlink/security_hardening

Product

https://docs.px4.io/main/en/mavlink/message_signing

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-02

Third Party Advisory

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-090-02.json