CVE-2026-26742

{"id": "CVE-2026-26742", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-10T19:17:17.280", "references": [{"url": "https://github.com/npuwyw/PX4-Autopilot/blob/audit-v1.12.3-mode-transition-logic-flaw/PX4_Autopilot_Mode_Switching_Logic_Vulnerability.md", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the \"Re-arm Grace Period\" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control."}, {"lang": "es", "value": "Las versiones 1.12.x a 1.15.x del Autopiloto PX4 contienen un fallo en el mecanismo de protecci\u00f3n en la l\u00f3gica del 'Per\u00edodo de Gracia de Rearmado'. El sistema aplica incorrectamente la l\u00f3gica de rearmado de emergencia en vuelo a escenarios en tierra. Si un piloto cambia al modo Manual y rearma en un plazo de 5 segundos (configuraci\u00f3n predeterminada) despu\u00e9s de un aterrizaje autom\u00e1tico, el sistema omite todas las comprobaciones de seguridad previas al vuelo, incluida la comprobaci\u00f3n del umbral del acelerador. Esto permite un despegue inmediato con alto empuje si se eleva la palanca del acelerador, lo que lleva a la p\u00e9rdida de control."}], "lastModified": "2026-03-12T17:05:45.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A8C03F6-C15B-44A0-8FF2-05E73A47F26E", "versionEndExcluding": "1.16.0", "versionStartIncluding": "1.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}