Critical PX4 Autopilot Flaw Lets Attackers Control

A critical, newly identified vulnerability in the widely adopted PX4 Autopilot software could empower malicious actors to seize complete control of drone operations.

The Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) advisory on March 31, 2026, warning operators about this severe flaw.

The PX4 Autopilot project, headquartered in Switzerland, provides open-source flight control software for drones and autonomous vehicles deployed worldwide.

Because of its massive adoption, this vulnerability directly threatens critical infrastructure, particularly within the Transportation Systems, Emergency Services, and Defense Industrial Base sectors.

PX4 Autopilot Vulnerability

Tracked as CVE-2026-1579, this security flaw carries a near-maximum CVSS v3 score of 9.8, classifying it as critical. The core issue stems from the absence of an authentication mechanism for a critical function.

If an attacker successfully gains access to the drone’s MAVLink interface, the primary communication protocol used for transmitting commands and telemetry, they can exploit this weakness to bypass security checks.

Once connected, the attacker can execute arbitrary shell commands without needing any cryptographic authentication.

In simple terms, an unauthenticated user can run any system command they choose directly on the drone’s operating system.

This grants them the power to alter flight paths, force crashes, intercept data, or completely lock legitimate operators out of the system.

The specific version currently known to be affected is PX4 Autopilot v1.16.0_SITL_latest_stable. Security researcher Dolev Aviv from Cyviation originally discovered and reported this vulnerability to CISA.

Fortunately, CISA notes that there is currently no known public exploitation targeting this flaw in the wild.

To protect drone fleets and infrastructure, CISA recommends that organizations take immediate defensive measures:

• Minimize network exposure for all control system devices to ensure they are never accessible directly from the internet.
• Locate control system networks and remote devices behind strict firewalls, isolating them entirely from corporate business networks.
• Enforce the use of secure, fully updated Virtual Private Networks (VPNs) whenever remote access to the drone control systems is required.
• Conduct a proper risk assessment before deploying new defensive measures to avoid operational disruption.

Because attackers often use phishing to gain initial access to networks, CISA also advises organizations to train staff to resist social engineering attacks.

Operators should continuously monitor CISA alerts and apply official vendor patches as soon as they become available to secure their autonomous fleets.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.