CVE-2026-1579 in Autopilot
摘要 (英语)
The MAVLink communication protocol does not require cryptographic
authentication by default. When MAVLink 2.0 message signing is not
enabled, any message -- including SERIAL_CONTROL, which provides
interactive shell access -- can be sent by an unauthenticated party with
access to the MAVLink interface. PX4 provides MAVLink 2.0 message
signing as the cryptographic authentication mechanism for all MAVLink
communication. When signing is enabled, unsigned messages are rejected
at the protocol level.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
负责
icscert
预定
2026-01-28
披露
2026-04-01
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 354505 | PX4 Autopilot MAVLink 弱身份验证 | 306 | 未定义 | 未定义 | CVE-2026-1579 |