PatchSiren

Ardupilot CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Ardupilot CVE published 2026-07-02

CVE-2026-38971

CVE-2026-38971 is a critical vulnerability in Arduplane, an autopilot system for unmanned aerial vehicles (UAVs). The vulnerability is caused by an out-of-bounds read issue in the GCS_MAVLink library, specifically in the handle_serial_control() function. This issue may allow an attacker to read sensitive data or cause a denial of service. The vulnerability has a CVSS score of 9.1 and is considered critica [truncated]