Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-1579

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 3 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 1 month, 3 weeks ago

PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level.

References

Affected products

Autopilot

==v1.16.0 SITL

Matching in nixpkgs

pkgs.argocd-autopilot

ArgoCD Autopilot

nixos-unstable 0.4.20
- nixpkgs-unstable 0.4.20
- nixos-unstable-small 0.4.20
nixos-25.11 0.4.20
- nixos-25.11-small 0.4.20
- nixpkgs-25.11-darwin 0.4.20

Package maintainers

@bryanasdev000 Bryan Albuquerque <bryanasdev000@gmail.com>
@sagikazarmark Mark Sagi-Kazar <mark.sagikazar@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.argocd-autopilot

Package maintainers