CRITICAL
PX4
CVE published 2026-03-31
CVE-2026-1579
CVE-2026-1579 describes a high-impact authentication weakness in PX4 Autopilot deployments that use MAVLink without 2.0 message signing. According to CISA, when signing is not enabled, an unauthenticated party with access to the MAVLink interface can send messages, including SERIAL_CONTROL, which can provide interactive shell access. PX4’s mitigation is to enable MAVLink 2.0 message signing so unsigned me [truncated]