CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-10 19:17

Updated : 2026-03-12 17:05

NVD link : CVE-2026-26742

Mitre link : CVE-2026-26742

CVE.ORG link : CVE-2026-26742

JSON object : View

Products Affected

dronecode

px4_drone_autopilot

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-26742", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-10T19:17:17.280", "references": [{"url": "https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the \"Re-arm Grace Period\" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control."}, {"lang": "es", "value": "Las versiones 1.12.x a 1.15.x del Autopiloto PX4 contienen un fallo en el mecanismo de protecci\u00f3n en la l\u00f3gica del 'Per\u00edodo de Gracia de Rearmado'. El sistema aplica incorrectamente la l\u00f3gica de rearmado de emergencia en vuelo a escenarios en tierra. Si un piloto cambia al modo Manual y rearma en un plazo de 5 segundos (configuraci\u00f3n predeterminada) despu\u00e9s de un aterrizaje autom\u00e1tico, el sistema omite todas las comprobaciones de seguridad previas al vuelo, incluida la comprobaci\u00f3n del umbral del acelerador. Esto permite un despegue inmediato con alto empuje si se eleva la palanca del acelerador, lo que lleva a la p\u00e9rdida de control."}], "lastModified": "2026-03-12T17:05:45.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A8C03F6-C15B-44A0-8FF2-05E73A47F26E", "versionEndExcluding": "1.16.0", "versionStartIncluding": "1.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}