CVE-2026-26741

Name of the Vulnerable Software and Affected Versions PX4 Autopilot versions 1.12.x through 1.15.x

Description The autopilot software contains a logic flaw in the mode switching mechanism. Specifically, when transitioning from Auto mode to Manual mode while the drone is in the "ARMED" state – after landing and before the automatic disarm triggered by the COM DISARM LAND parameter – a safety check for the physical throttle stick is missing. This can lead to loss of control, rapid uncontrolled ascent (flyaway), and potential property damage.

Recommendations Versions 1.12.x through 1.15.x should be updated when a fix is available.