CVE-2026-26741

HIGH EPSS 17.1%
Published Mar 10, 20263mo ago · Modified Jun 17, 20262w ago
8.1 CVSS 3.1
High
Find Similar
Published Mar 10, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 1

VendorProductVersionRange
dronecodepx4_drone_autopilot*≥1.12.0  –  <1.16.0

References 1

  • github.com https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md
    ExploitMitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.