CVE-2026-26742
Bypass of Pre-Flight Checks in PX4 Autopilot Causes Control Loss
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dronecode | px4_drone_autopilot | From 1.12.0 (inc) to 1.16.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in PX4 Autopilot versions 1.12.x through 1.15.x in the "Re-arm Grace Period" logic. The system mistakenly applies the in-air emergency re-arm logic to situations on the ground. Specifically, if a pilot switches to Manual mode and re-arms the system within 5 seconds after an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check.
This flaw allows an immediate high-thrust takeoff if the throttle stick is raised, which can lead to loss of control of the vehicle.
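A minimal model of the grace-period flaw described above, next to one way to scope the window to in-air emergencies. This is an added example, not PX4 source code. The struct, function names, throttle threshold value and hardened condition are all assumptions made for illustration; only the 5-second window comes from the description.

```cpp
// Illustrative model only, NOT PX4 source. All identifiers are hypothetical.
#include <cstdint>
#include <cstdio>

constexpr uint64_t kGraceUs = 5000000ULL;  // 5 s re-arm window (from the description)
constexpr float kThrottleMax = 0.05f;      // constructed threshold for this sketch

struct VehicleState {
    uint64_t last_disarm_us;  // timestamp of the most recent disarm
    bool disarmed_in_air;     // true if that disarm happened while airborne
    bool landed;              // current land-detector result
    float throttle;           // stick position, 0.0 to 1.0
    bool sensors_ok;          // stands in for the remaining pre-flight checks
};

// Pre-flight gate: includes the throttle threshold check.
static bool preflight_ok(const VehicleState &s) {
    return s.sensors_ok && s.throttle <= kThrottleMax;
}

// Flawed pattern: being inside the grace window is enough to skip every
// check, even when the vehicle is sitting on the ground after a landing.
bool can_arm_flawed(const VehicleState &s, uint64_t now_us) {
    if (now_us - s.last_disarm_us < kGraceUs) {
        return true;
    }
    return preflight_ok(s);
}

// Hardened pattern (assumed fix): the bypass applies only to an in-air
// emergency; on the ground the full pre-flight gate always runs.
bool can_arm_hardened(const VehicleState &s, uint64_t now_us) {
    const bool in_grace = (now_us - s.last_disarm_us) < kGraceUs;
    const bool air_emergency = in_grace && s.disarmed_in_air && !s.landed;
    return air_emergency || preflight_ok(s);
}

int main() {
    // Constructed scenario: auto-landing disarm at t=10 s, re-arm request
    // at t=12 s in Manual mode with the throttle stick raised to 80 %.
    VehicleState ground{10000000ULL, false, true, 0.8f, true};
    std::printf("flawed=%d hardened=%d\n",
                can_arm_flawed(ground, 12000000ULL),
                can_arm_hardened(ground, 12000000ULL));
    return 0;
}
```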
How can this vulnerability impact me?
This vulnerability can lead to a dangerous situation where the vehicle takes off immediately with high thrust without proper safety checks. This can cause loss of control, potentially resulting in crashes, damage to property, injury, or even loss of life depending on the context in which the PX4 Autopilot is used.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know