Critical severity9.8NVD Advisory· Published Mar 31, 2026· Updated Apr 7, 2026
CVE-2026-1579
CVE-2026-1579
Description
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-090-02.jsonnvdThird Party Advisory
- www.cisa.gov/news-events/ics-advisories/icsa-26-090-02nvdThird Party AdvisoryUS Government Resource
- docs.px4.io/main/en/mavlink/message_signingnvdProduct
- docs.px4.io/main/en/mavlink/security_hardeningnvdProduct
News mentions
0No linked articles in our index yet.