CVE-2026-1743

CVSS v3.1

3.1

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions DJI Mavic Mini versions prior to 01.00.0500 DJI Spark versions prior to 01.00.0500 DJI Mini SE versions prior to 01.00.0500 DJI Air versions prior to 01.00.0500

Description A flaw exists in the Enhanced Wi-Fi Pairing component that allows for authentication bypass through a capture-replay attack. The attack requires local network access and a high degree of complexity, making exploitation difficult. The exploit is publicly available. The vendor was informed of this issue but did not provide a response.

Recommendations Update DJI Mavic Mini to version 01.00.0500 or later. Update DJI Spark to version 01.00.0500 or later. Update DJI Mini SE to version 01.00.0500 or later. Update DJI Air to version 01.00.0500 or later.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-294

Related Identifiers

CVE-2026-1743

Affected Products

Dji Air

Dji Mavic Mini

Dji Mini Se

Dji Spark

CVE-2026-1743

Weakness Enumeration

Related Identifiers

Affected Products

References · 9