CVE-2026-38971
Received Received - Intake

Out-of-Bounds Read in ArduPilot Plane

Vulnerability report for CVE-2026-38971, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: MITRE

Description

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-03
AI Q&A
2026-07-03
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ardupilot plane From 4.6.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read issue found in the ardupilot software, specifically in the Plane-4.6.3 version. It occurs in the file libraries/GCS_MAVLink/GCS_serial_control.cpp within the function GCS_MAVLINK::handle_serial_control().

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38971. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart