CISA published advisory ICSA-26-090-02 on March 31 disclosing a critical missing-authentication vulnerability in PX4 Autopilot, the open-source flight control firmware used in commercial and research drones worldwide. Tracked as CVE-2026-1579, the flaw carries a CVSS v3.1 score of 9.8 and allows an unauthenticated attacker with network access to the MAVLink interface to obtain an interactive shell on the flight controller.

What happened

Security researcher Dolev Aviv of Cyviation discovered that PX4’s implementation of the MAVLink 2.0 protocol does not enforce cryptographic message signing by default. The SERIAL_CONTROL MAVLink message type — designed for diagnostic serial port access — is available to any party that can reach the MAVLink endpoint, with no authentication gate.

In a default deployment, an attacker on the same network segment (or with radio access to the telemetry link) can send crafted SERIAL_CONTROL messages to open an interactive NuttX shell (nsh) on the flight controller. From there, they have full control of the autopilot.

Technical details

  • CVE: CVE-2026-1579
  • CWE: CWE-306 (Missing Authentication for Critical Function)
  • CVSS v3.1: 9.8 (Critical) — AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Affected version: PX4 Autopilot v1.16.0_SITL_latest_stable (other versions using MAVLink without signing are presumed vulnerable)
  • Attack vector: Network-accessible MAVLink interface (UDP, serial radio, or WiFi telemetry)
  • Prerequisites: Attacker must be able to send MAVLink messages to the drone. No credentials required.

The root cause is straightforward: MAVLink 2.0 supports cryptographic message signing, but PX4 ships with it disabled by default. Without signing, the protocol has no concept of sender identity. Any message that arrives on the MAVLink channel is processed as legitimate — including SERIAL_CONTROL, which was never meant to be exposed to untrusted parties.

Impact

The affected sectors, per CISA, include Transportation Systems, Emergency Services, and Defense Industrial Base. PX4 is one of the two dominant open-source autopilot stacks (alongside ArduPilot) and powers a wide range of platforms: commercial delivery drones, agricultural survey UAVs, search-and-rescue platforms, and research vehicles.

An attacker exploiting this vulnerability can:

  • Hijack flight paths — alter waypoints, override return-to-home, or fly the drone to a chosen location
  • Force a crash — issue motor-stop or attitude override commands
  • Exfiltrate data — read onboard sensor data, camera feeds, or mission logs
  • Lock out operators — change parameters or disable the RC override, denying the legitimate pilot control
  • Pivot deeper — if the drone is connected to a ground control station over a network link, the shell could be a stepping stone into the GCS host

CISA notes there is no known active exploitation at this time, but the attack is trivial to execute once an attacker has MAVLink access, and proof-of-concept tooling for MAVLink injection has been publicly available for years.

What to do right now

  1. Enable MAVLink 2.0 message signing immediately. Generate a strong 32-byte signing key and configure it on both the flight controller and all authorized ground control stations. This is the single most effective mitigation.

  2. Audit all PX4 deployments. Check whether MAV_SIGNING parameters are enabled. If your fleet was deployed with defaults, signing is almost certainly off.

  3. Segment drone networks. MAVLink traffic should never traverse shared or internet-routable networks without encryption. Use VPN tunnels or dedicated radio links with authentication.

  4. Restrict SERIAL_CONTROL access. If your firmware version supports it, disable the SERIAL_CONTROL message type entirely on production vehicles. There is no reason for diagnostic shell access to be available in-flight.

  5. Monitor for firmware updates. The PX4 project is expected to release a patched version that enforces signing by default. Track the PX4 GitHub repository for updates.

  6. Review companion computer links. If the drone runs a companion computer (Raspberry Pi, Jetson, etc.) connected via MAVLink, ensure the link between the companion and the flight controller is also authenticated.
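The following is an added example, not code from PX4, MAVLink or pymavlink, that ties the signing mechanism explained under Technical details to steps 1, 2 and 4 above. It shows what a receiver configured the opposite way from the PX4 default does: it generates a 32-byte key, builds MAVLink 2 frames with the 13-byte signature trailer (link id, 48-bit timestamp in 10 µs ticks since 2015-01-01, then the first 48 bits of SHA-256 over key + frame + link id + timestamp, as the public MAVLink 2 signing description lays out), and then enforces a policy that drops unsigned frames, verifies the signature in constant time, rejects replayed timestamps, and refuses SERIAL_CONTROL unless a vehicle is explicitly configured to allow it. The key, the sample frames, the one-minute future-skew window and the use of message id 126 for SERIAL_CONTROL are assumptions or constructed values for this example, and the X.25 checksum is out of scope (a constant placeholder stands in for the two CRC bytes).

```python
"""Added example, not PX4 / MAVLink project code: a receive-side signing
policy for MAVLink 2 frames. Frame layout and signature formula follow the
public MAVLink 2 signing description; the key, frames, skew window and the
SERIAL_CONTROL message id are constructed / assumed for this example."""
import hashlib
import hmac
import os
import struct
import time

MAGIC_V2 = 0xFD
IFLAG_SIGNED = 0x01           # incompat_flags bit: frame carries a signature
MSG_SERIAL_CONTROL = 126      # assumed: SERIAL_CONTROL id in the common dialect
SIG_LEN = 13                  # link_id (1) + timestamp (6) + sha256_48 (6)
MAVLINK_EPOCH = 1420070400    # 2015-01-01 00:00:00 UTC, in seconds
MAX_FUTURE_SKEW = 6_000_000   # constructed policy: reject > 1 min ahead (10 us ticks)

def generate_signing_key() -> bytes:
    """Step 1: a fresh 32-byte key from the OS CSPRNG, shared with authorized GCSs."""
    return os.urandom(32)

def mavlink_timestamp(now=None) -> int:
    """48-bit MAVLink timestamp: 10 us ticks since 2015-01-01 UTC."""
    t = time.time() if now is None else now
    return int((t - MAVLINK_EPOCH) * 100_000) & 0xFFFFFFFFFFFF

def sha256_48(key, frame_through_crc, link_id, ts) -> bytes:
    """sha256(key + frame bytes from magic through CRC + link_id + 6-byte LE timestamp)[:6]"""
    h = hashlib.sha256()
    h.update(key)
    h.update(frame_through_crc)
    h.update(struct.pack("<BQ", link_id, ts)[:7])
    return h.digest()[:6]

def build_frame(msgid, payload, seq=0, sysid=255, compid=190, key=None, link_id=0, ts=None):
    """Encode a MAVLink 2 frame; signed when a key is given. The X.25 CRC is out of
    scope here, so a constant 0 placeholder stands in for the two checksum bytes."""
    signed = key is not None
    header = struct.pack("<BBBBBBB", MAGIC_V2, len(payload),
                         IFLAG_SIGNED if signed else 0, 0, seq, sysid, compid)
    header += struct.pack("<I", msgid)[:3]          # 24-bit little-endian message id
    body = header + payload + b"\x00\x00"
    if not signed:
        return body
    ts = mavlink_timestamp() if ts is None else ts
    return body + struct.pack("<BQ", link_id, ts)[:7] + sha256_48(key, body, link_id, ts)

class SigningReceiver:
    """Drop unsigned frames (the opposite of the PX4 default), verify the signature
    in constant time, reject replays, and refuse SERIAL_CONTROL unless allowed (step 4)."""

    def __init__(self, key, allow_serial_control=False):
        self.key = key
        self.allow_serial_control = allow_serial_control
        self.last_ts = {}   # (link_id, sysid, compid) -> highest timestamp accepted

    def check(self, frame, now=None):
        """Return (accepted, reason) for one raw frame."""
        if len(frame) < 12 or frame[0] != MAGIC_V2:
            return False, "not a MAVLink 2 frame"
        plen, iflags, sysid, compid = frame[1], frame[2], frame[5], frame[6]
        msgid = int.from_bytes(frame[7:10], "little")
        body_end = 10 + plen + 2
        if not iflags & IFLAG_SIGNED:
            return False, "unsigned frame rejected"
        if len(frame) != body_end + SIG_LEN:
            return False, "bad length"
        link_id = frame[body_end]
        ts = int.from_bytes(frame[body_end + 1:body_end + 7], "little")
        expected = sha256_48(self.key, frame[:body_end], link_id, ts)
        if not hmac.compare_digest(expected, frame[body_end + 7:body_end + 13]):
            return False, "signature mismatch"
        stream = (link_id, sysid, compid)
        if ts <= self.last_ts.get(stream, -1):
            return False, "replayed or stale timestamp"
        if ts > mavlink_timestamp(now) + MAX_FUTURE_SKEW:
            return False, "timestamp too far in the future"
        self.last_ts[stream] = ts
        if msgid == MSG_SERIAL_CONTROL and not self.allow_serial_control:
            return False, "SERIAL_CONTROL denied by policy"
        return True, "accepted"

def demo():
    """Constructed frames exercising each policy branch; returns the reasons."""
    key = generate_signing_key()
    rx = SigningReceiver(key)
    ts = mavlink_timestamp()
    heartbeat = build_frame(0, b"\x00" * 9, seq=1, key=key, ts=ts)   # msgid 0 = HEARTBEAT
    tampered = bytearray(heartbeat)
    tampered[10] ^= 0x01                                             # flip one payload byte
    return {
        "unsigned": rx.check(build_frame(0, b"\x00" * 9, seq=1))[1],
        "signed": rx.check(heartbeat)[1],
        "replay": rx.check(heartbeat)[1],
        "tampered": rx.check(bytes(tampered))[1],
        "wrong_key": rx.check(build_frame(0, b"\x00" * 9, seq=2, key=os.urandom(32), ts=ts + 1))[1],
        "serial_control": rx.check(build_frame(MSG_SERIAL_CONTROL, b"\x00" * 8, seq=3, key=key, ts=ts + 2))[1],
    }

if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:15s} {reason}")
```

Running the module prints one line per constructed case: the unsigned frame is rejected outright, the properly signed heartbeat is accepted once and refused on replay, a flipped payload byte or a frame signed under a different key fails the signature check, and a signed SERIAL_CONTROL is still denied because the receiver was not configured to allow it. The point of the design is that every decision happens before the message is handed to any handler, which is exactly the gate the advisory says is missing when signing is left off.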

Broader context

This vulnerability highlights a persistent pattern in embedded and OT systems: security-critical features exist in the protocol spec but ship disabled for ease of deployment. MAVLink signing has been available since 2017. Nine years later, the default is still “trust everything on the wire.”

For organizations operating drone fleets in any capacity — logistics, inspection, agriculture, public safety — this is a wake-up call to treat UAV firmware configuration with the same rigor applied to any other networked infrastructure component.

CISA Advisory: ICSA-26-090-02
CVE Detail: CVE-2026-1579