20 matches found
CVE-2026-1579
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
EUVD-2026-17614
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
CVE-2026-1579
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
CVE-2026-32724
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CVE-2026-32724
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
PX4-Autopilot 资源管理错误漏洞
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions prior to PX4-Autopilot 1.17.0-rc1 contained a resource management vulnerability. This vulnerability stemmed from the use of reusing objects after their release in the MavlinkShell::available function, which could...
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
EUVD-2026-12179
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CVE-2026-32724
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
CVE-2026-32724
The CVE-2026-32724 vulnerability affects PX4 Autopilot: a heap-use-after-free in MavlinkShell::available() caused by a race between the MAVLink receiver thread (shell creation/destruction) and the telemetry sender thread (polling output). It is triggerable remotely via MAVLink SERIAL_CONTROL mess...
PT-2026-25400
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
EUVD-2025-25008
Malicious code in bioql PyPI...
CVE-2025-9020 PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handlemessageserialcontrol of the file src/modules/mavlink/mavlinkreceiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument mavlinkshell leads to use...
CVE-2025-9020
Summary: CVE-2025-9020 affects PX4 PX4-Autopilot up to 1.15.4. The issue resides in MavlinkReceiver::handle_message_serial_control within mavlink_receiver.cpp of the Mavlink Shell Closing Handler. The argument _mavlink_shell is manipulated, causing a use-after-free condition. Local access is requ...
PT-2025-33453 · Px4 · Px4-Autopilot
Name of the Vulnerable Software and Affected Versions: PX4 PX4-Autopilot versions through 1.15.4 Description: A use-after-free issue exists in the MavlinkReceiver::handle message serial control function within the src/modules/mavlink/mavlink receiver.cpp file of the Mavlink Shell Closing Handler...
PX4 Drone Autopilot 资源管理错误漏洞
PX4 Drone Autopilot is a PX4 drone autopilot open source by PX4 Autopilot. A resource management error vulnerability exists in PX4 Drone Autopilot version 1.15.4 and earlier, which stems from the MavlinkReceiver::handlemessageserialcontrol function mishandling the parameter mavlinkshell, which...