CVE-2026-26011

Name of the Vulnerable Software and Affected Versions navigation2 versions prior to 1.3.11

Description navigation2 is a ROS 2 Navigation Framework and System. A heap out-of-bounds write issue exists in Nav2 AMCL’s particle filter clustering logic. An unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write into heap memory by publishing a crafted geometry msgs/PoseWithCovarianceStamped message to the /initialpose topic. The message must contain extreme covariance values. In Release builds, runtime protection is disabled. This allows controlled corruption of heap chunk metadata, potentially leading to further exploitation or a denial of service that halts navigation. The vulnerable code attempts to access set->clusters[-1].

Recommendations Update to a version later than 1.3.11.