PX4 Autopilot

Severity: 9.8 (Act Now)
Source: ICS-CERT ICSA-26-090-02, Mar 31, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

An attacker with access to the MAVLink interface can execute arbitrary shell commands without cryptographic authentication. The MAVLink protocol is used for communication between ground control stations, companion computers, and the autopilot. PX4 recommends enabling MAVLink 2.0 message signing as the authentication mechanism for all non-USB communication links to mitigate this risk.

What this means
What could happen
An attacker with network access to the MAVLink interface could execute arbitrary commands on the PX4 autopilot system without authentication, potentially taking control of the aircraft's or drone's flight behavior, navigation, and safety-critical functions.
Who's at risk
Organizations operating PX4-based autonomous aircraft, drones, or unmanned vehicles (aerial or maritime) should be concerned. This affects any system using PX4 v1.16.0 with unprotected MAVLink interfaces, including commercial UAVs, research platforms, and custom autonomous systems used for inspection, mapping, delivery, or surveillance.
How it could be exploited
The attacker sends unauthenticated MAVLink commands over the network (or wireless link) to the autopilot's MAVLink interface. Since the interface lacks cryptographic message authentication, the autopilot accepts and executes these commands, allowing arbitrary shell command execution on the system.
Prerequisites
  • Network or wireless access to the MAVLink interface
  • MAVLink 2.0 message signing not enabled on non-USB communication links
Tags: remotely exploitable; no authentication required; low complexity; affects safety-critical systems (flight control); high CVSS score (9.8)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: Autopilot: v1.16.0_SITL_latest_stable
Affected Versions: v1.16.0 SITL latest stable
Fix Status: No fix yet
Remediation & Mitigation
Do now
HARDENING: Enable MAVLink 2.0 message signing for all non-USB communication links (wireless, Ethernet, serial, etc.)
HARDENING: Review and apply the PX4 security hardening guide available at https://docs.px4.io/main/en/mavlink/security_hardening
HARDENING: Configure message signing keys and authentication parameters according to https://docs.px4.io/main/en/mavlink/message_signing
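The mitigation above relies on MAVLink 2 message signing, so it helps to see what a receiver actually checks once signing is enforced. The example below is added here and is not PX4's code or part of the advisory: it builds a MAVLink 2 frame, appends the 13-byte signature trailer defined by the protocol (link_id, 48-bit timestamp in 10 µs units, and the first 6 bytes of SHA-256 over key || frame || link_id || timestamp), and then verifies frames the way a hardened endpoint should: reject anything without the signed flag, reject CRC or signature mismatches, and reject a timestamp that is not newer than the last one accepted for that stream (a replay). The 32-byte key, the HEARTBEAT payload, and the timestamps are constructed values; the crc_extra table covers only HEARTBEAT (msgid 0), which is enough for this demonstration.

```python
import hashlib
import hmac
import struct

MAVLINK2_STX = 0xFD      # MAVLink 2 start byte
IFLAG_SIGNED = 0x01      # incompat_flags bit set on signed frames
HEADER_LEN = 10          # STX, len, incompat, compat, seq, sysid, compid, msgid(3)
SIGNATURE_LEN = 13       # link_id(1) + timestamp(6) + sha256_48(6)
CRC_EXTRA = {0: 50}      # crc_extra for HEARTBEAT from common.xml; only msgid used here


def x25_crc(data: bytes, crc: int = 0xFFFF) -> int:
    """MAVLink's X.25 CRC-16 over the frame bytes that follow STX."""
    for b in data:
        tmp = (b ^ (crc & 0xFF)) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc


def build_frame(seq, sysid, compid, msgid, payload, signed=True) -> bytes:
    """Header + payload + CRC; the signature trailer is added separately."""
    flags = IFLAG_SIGNED if signed else 0
    header = struct.pack("<BBBBBBB", MAVLINK2_STX, len(payload), flags, 0,
                         seq, sysid, compid) + msgid.to_bytes(3, "little")
    crc = x25_crc(header[1:] + payload)
    crc = x25_crc(bytes([CRC_EXTRA[msgid]]), crc)
    return header + payload + struct.pack("<H", crc)


def sha256_48(key: bytes, body: bytes, link_id: int, timestamp: int) -> bytes:
    """First 6 bytes of SHA-256(key || header..CRC || link_id || timestamp)."""
    h = hashlib.sha256()
    h.update(key)
    h.update(body)
    h.update(bytes([link_id]))
    h.update(timestamp.to_bytes(6, "little"))
    return h.digest()[:6]


def sign_frame(key: bytes, body: bytes, link_id: int, timestamp: int) -> bytes:
    """Append the 13-byte signature block to an unsigned frame body."""
    trailer = bytes([link_id]) + timestamp.to_bytes(6, "little")
    return body + trailer + sha256_48(key, body, link_id, timestamp)


class SigningVerifier:
    """Receiver side: signed flag, CRC, signature, then a per-stream monotonic timestamp."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_ts = {}  # (link_id, sysid, compid) -> highest timestamp accepted

    def verify(self, frame: bytes):
        if len(frame) < HEADER_LEN + 2 or frame[0] != MAVLINK2_STX:
            return False, "not a MAVLink 2 frame"
        if not frame[2] & IFLAG_SIGNED:
            return False, "unsigned frame rejected"
        body_end = HEADER_LEN + frame[1] + 2
        if len(frame) != body_end + SIGNATURE_LEN:
            return False, "length mismatch"
        body, sig = frame[:body_end], frame[body_end:]
        msgid = int.from_bytes(frame[7:10], "little")
        crc = x25_crc(bytes([CRC_EXTRA.get(msgid, 0)]), x25_crc(body[1:-2]))
        if crc != struct.unpack("<H", body[-2:])[0]:
            return False, "bad CRC"
        link_id, timestamp = sig[0], int.from_bytes(sig[1:7], "little")
        if not hmac.compare_digest(sha256_48(self.key, body, link_id, timestamp), sig[7:]):
            return False, "bad signature"
        stream = (link_id, frame[5], frame[6])
        if timestamp <= self.last_ts.get(stream, 0):
            return False, "timestamp not newer than last accepted (replay?)"
        self.last_ts[stream] = timestamp
        return True, "ok"


def demo():
    """Run the verifier over constructed frames and return (accepted, reason) per case."""
    key = hashlib.sha256(b"constructed demo passphrase").digest()  # constructed 32-byte key
    heartbeat = struct.pack("<IBBBBB", 0, 2, 12, 0, 4, 3)           # constructed HEARTBEAT payload
    body = build_frame(7, 1, 1, 0, heartbeat)
    good = sign_frame(key, body, link_id=0, timestamp=1_000_000)
    tampered_payload = good[:10] + bytes([good[10] ^ 0xFF]) + good[11:]
    tampered_sig = good[:-1] + bytes([good[-1] ^ 0x01])
    unsigned = build_frame(8, 1, 1, 0, heartbeat, signed=False)
    verifier = SigningVerifier(key)
    return {
        "valid": verifier.verify(good),
        "replay": verifier.verify(good),              # same timestamp again
        "tampered_payload": verifier.verify(tampered_payload),
        "tampered_sig": verifier.verify(tampered_sig),
        "unsigned": verifier.verify(unsigned),
        "wrong_key": SigningVerifier(b"\x01" * 32).verify(good),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:17s} accepted={result[0]!s:5s} {result[1]}")
```

The timestamp rule here is strictly monotonic per (link_id, sysid, compid); production stacks also bound how far a timestamp may lead the receiver's clock and persist the last accepted value across reboots so a power cycle does not reopen the replay window. Note that tampering the payload fails the CRC before the signature is even checked, while a correct CRC with a wrong key or altered trailer fails the constant-time signature comparison.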
API: /api/v1/advisories/e20716e8-d3af-406e-8050-57fb38a195fd
