{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1579","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2026-01-28T22:27:22.970Z","datePublished":"2026-03-31T20:20:06.506Z","dateUpdated":"2026-03-31T20:36:09.044Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2026-03-31T20:20:06.506Z"},"title":"PX4 Autopilot Missing authentication for critical function","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306","type":"CWE"}]}],"affected":[{"vendor":"PX4","product":"Autopilot","versions":[{"status":"affected","version":"v1.16.0 SITL"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The MAVLink communication protocol does not require cryptographic \nauthentication by default. When MAVLink 2.0 message signing is not \nenabled, any message -- including SERIAL_CONTROL, which provides \ninteractive shell access -- can be sent by an unauthenticated party with\n access to the MAVLink interface. PX4 provides MAVLink 2.0 message \nsigning as the cryptographic authentication mechanism for all MAVLink \ncommunication. When signing is enabled, unsigned messages are rejected \nat the protocol level.","supportingMedia":[{"type":"text/html","base64":false,"value":"The MAVLink communication protocol does not require cryptographic \nauthentication by default. When MAVLink 2.0 message signing is not \nenabled, any message -- including SERIAL_CONTROL, which provides \ninteractive shell access -- can be sent by an unauthenticated party with\n access to the MAVLink interface. PX4 provides MAVLink 2.0 message \nsigning as the cryptographic authentication mechanism for all MAVLink \ncommunication. When signing is enabled, unsigned messages are rejected \nat the protocol level."}]}],"references":[{"url":"https://docs.px4.io/main/en/mavlink/security_hardening"},{"url":"https://docs.px4.io/main/en/mavlink/message_signing"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-02"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-090-02.json"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"CRITICAL","baseScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"PX4 recommends enabling MAVLink 2.0 message signing as the \nauthentication mechanism for all non‑USB communication links. PX4 has \npublished a security hardening guide for integrators and manufacturers \nat \n https://docs.px4.io/main/en/mavlink/security_hardening \n\n\nMessage signing configuration documentation can be found at \n https://docs.px4.io/main/en/mavlink/message_signing","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>PX4 recommends enabling MAVLink 2.0 message signing as the \nauthentication mechanism for all non‑USB communication links. PX4 has \npublished a security hardening guide for integrators and manufacturers \nat&nbsp;<br><a href=\"https://docs.px4.io/main/en/mavlink/security_hardening\" title=\"(opens in a new window)\">https://docs.px4.io/main/en/mavlink/security_hardening</a></p><p><br>Message signing configuration documentation can be found at&nbsp;<br><a href=\"https://docs.px4.io/main/en/mavlink/message_signing\" title=\"(opens in a new window)\">https://docs.px4.io/main/en/mavlink/message_signing</a></p>"}]}],"credits":[{"lang":"en","value":"Dolev Aviv of Cyviation reported this vulnerability to CISA.","type":"finder"}],"source":{"advisory":"ICSA-26-090-02","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-31T20:35:56.040324Z","id":"CVE-2026-1579","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-31T20:36:09.044Z"}}]}}