CRITICAL
Ardupilot
CVE published 2026-07-02
CVE-2026-38971
CVE-2026-38971 is a critical vulnerability in Arduplane, an autopilot system for unmanned aerial vehicles (UAVs). The vulnerability is caused by an out-of-bounds read issue in the GCS_MAVLink library, specifically in the handle_serial_control() function. This issue may allow an attacker to read sensitive data or cause a denial of service. The vulnerability has a CVSS score of 9.1 and is considered critica [truncated]