{“lastseen”:””,”description”:”The MAVLink communication protocol does not require cryptographic \\nauthentication by default. When MAVLink 2.0 message signing is not \\nenabled, any message — including SERIAL_CONTROL, which provides \\ninteractive shell access — can be sent by an unauthenticated party with\\n access to the MAVLink interface. PX4 provides MAVLink 2.0 message \\nsigning as the cryptographic authentication mechanism for all MAVLink \\ncommunication. When signing is enabled, unsigned messages are rejected \\nat the protocol level.”,”published”:”2026-03-31T20:20:06.506Z”,”modified”:”2026-03-31T20:36:09.044Z”,”type”:”cve”,”title”:”PX4 Autopilot Missing authentication for critical function”,”source”:”icscert”,”references”:”https:\/\/docs.px4.io\/main\/en\/mavlink\/security_hardening\\nhttps:\/\/docs.px4.io\/main\/en\/mavlink\/message_signing\\nhttps:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-26-090-02\\nhttps:\/\/github.com\/cisagov\/CSAF\/blob\/develop\/csaf_files\/OT\/white\/2026\/icsa-26-090-02.json”,”id”:”CVE-2026-1579″,”bulletinFamily”:””,”cwe”:[“CWE-306″],”cvelist”:null,”sourceData”:”PX4 Autopilot v1.16.0 SITL”,”sourceHref”:””,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Autopilot”,”version”:”v1.16.0 SITL”,”vendor”:”PX4″,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The MAVLink communication protocol does not require cryptographic \\nauthentication by default. When MAVLink 2.0 message signing is not \\nenabled, any message — including SERIAL_CONTROL, which…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,55,12,13,7,11,5],"class_list":["post-44462","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n