PX4 Autopilot
Summary
CVE-2026-1579 in PX4 Autopilot allows an attacker with access to the MAVLink interface to execute arbitrary shell commands without authentication when MAVLink 2.0 message signing is not enabled. Successful exploitation could affect critical infrastructure sectors such as transportation and defense.
IFF Assessment
The vulnerability allows unauthenticated attackers to gain control over critical systems, posing a significant threat to operational integrity and safety.
Severity
The CVSS score of 9.8 reflects the high severity of this vulnerability, stemming from the lack of authentication for a critical function allowing remote code execution on affected systems.
Defender Context
Defenders should ensure MAVLink 2.0 message signing is enabled for all non-USB communication links on PX4 Autopilot systems. This is crucial for preventing unauthorized command execution and maintaining the integrity of drone and other unmanned system operations.
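To audit whether traffic on a link is actually signed, the check below classifies captured MAVLink 2 frames by their signing flag and verifies the 48-bit signature against the link key. It is an added example, not PX4 or MAVLink project code; the function names, the sample frames and the key are constructed for illustration, and the frame layout follows the MAVLink 2 signing format.

```python
import hashlib
import hmac

MAGIC_V2 = 0xFD        # MAVLink 2 start-of-frame marker
IFLAG_SIGNED = 0x01    # MAVLINK_IFLAG_SIGNED bit in incompat_flags
HEADER_LEN = 10        # magic, len, incompat, compat, seq, sysid, compid, msgid(3)
CRC_LEN = 2
SIG_BLOCK_LEN = 13     # link_id(1) + timestamp(6) + signature(6)


def audit_frame(frame: bytes, key: bytes) -> str:
    """Classify one captured frame by its signing status.

    The CRC and timestamp freshness (replay protection) are not checked here.
    """
    if len(frame) < HEADER_LEN + CRC_LEN or frame[0] != MAGIC_V2:
        return "not-mavlink2"
    body_end = HEADER_LEN + frame[1] + CRC_LEN   # frame[1] is the payload length
    if len(frame) < body_end:
        return "truncated"
    if not frame[2] & IFLAG_SIGNED:
        return "unsigned"
    if len(frame) < body_end + SIG_BLOCK_LEN:
        return "truncated"
    link_and_ts = frame[body_end:body_end + 7]
    signature = frame[body_end + 7:body_end + SIG_BLOCK_LEN]
    # Signature = first 48 bits of SHA-256(key + header + payload + CRC + link_id + timestamp)
    expected = hashlib.sha256(key + frame[:body_end] + link_and_ts).digest()[:6]
    return "signed-ok" if hmac.compare_digest(signature, expected) else "bad-signature"


def make_sample(key: bytes, signed: bool) -> bytes:
    """Constructed sample frame (9-byte payload, placeholder CRC), for the demo only."""
    flags = IFLAG_SIGNED if signed else 0
    body = bytes([MAGIC_V2, 9, flags, 0, 1, 255, 190, 0, 0, 0]) + bytes(9) + b"\x00\x00"
    if not signed:
        return body
    link_and_ts = bytes([1]) + (123456).to_bytes(6, "little")
    return body + link_and_ts + hashlib.sha256(key + body + link_and_ts).digest()[:6]


if __name__ == "__main__":
    link_key = bytes(range(32))  # constructed 32-byte key, not a real one
    for name, frame in [("signed", make_sample(link_key, True)),
                        ("unsigned", make_sample(link_key, False)),
                        ("wrong key", make_sample(b"\x01" * 32, True))]:
        print(name, "->", audit_frame(frame, link_key))
```

Any "unsigned" or "bad-signature" result on a non-USB link indicates that signing is not being enforced end to end on that link.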