CVE-2026-38891
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.
Risk Assessment
The risk is that an attacker can remotely crash the Gazebo simulation system, potentially disrupting robotic applications or testing environments.
Recommendation
It is recommended to update gazebo_plugins to the latest patched version and implement filtering of geometry_msgs::Twist messages at the network level.
Original NVD description (English source)
An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.

