CVE-2026-26741

High CVSS: 8.1

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage

Vendor

Dronecode

Product

Px4 Drone Autopilot

CWE

CWE-862

Yayın Tarihi

2026-03-10 19:17:17

Güncelleme

2026-03-12 17:05:29

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-862 Px4 Drone Autopilot HIGH Dronecode 2026

Referanslar

https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md

Benzer Kayıtlar

Medium

CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to…

Medium

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the Mav…

Medium

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerabil…

Medium

CVE-2026-32713

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink F…

Medium

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string term…

High

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized vari…