CVE-2026-26011

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometrymsgs/PoseWithCovarianceStamped message with extreme covariance values to...

CVE-2026-26011 Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometrymsgs/PoseWithCovarianceStamped message with extreme covariance values to...

PT-2024-28278 · Open Robotics · Ros2 +1

Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble version Description: A heap overflow was discovered in the nav2 amcl process. This issue is triggered via sending a crafted message to the component /initialpose. Recommendations:...

CVE-2024-30964

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initialposesub thread created by nav2btnavigator...

Nav2 安全漏洞

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that stems from the inclusion of an insecure privilege vulnerability. A local attacker exploiting this vulnerability could execute arbitrary code via the initialposesub thread created by...