CVE-2026-26741

HIGH

8.1

Descricao

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage

Detalhes CVE

Pontuacao CVSS v3.18.1

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/10/2026

Ultima modificacao3/12/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

dronecode:px4_drone_autopilot

Fraquezas (CWE)

CWE-862

Referencias

https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.