mavlink security
About this tag
The mavlink security tag covers vulnerabilities and best practices related to the MAVLink protocol, commonly used in drone and unmanned vehicle systems. Recent discussions highlight a critical CISA advisory (CVE-2026-1579) affecting PX4 Autopilot, where unsigned MAVLink commands can enable remote shell access. The vulnerability, rated CVSS 9.8, allows unauthenticated traffic to reach the SERIAL_CONTROL function. PX4 documentation warns that unsigned MAVLink traffic can be exploited for shell commands, parameter changes, and mission uploads. Topics include cryptographic signing, authentication, and securing MAVLink interfaces to prevent unauthorized control. This tag is relevant for developers, security researchers, and operators of PX4-based systems seeking to mitigate remote command execution risks.
A newly published CISA industrial control systems advisory says PX4 Autopilot is vulnerable to remote command execution through the MAVLink interface when cryptographic message signing is not enabled, and the agency rates the issue critical at CVSS 9.8. The vulnerability, tracked as...