CVE Catalog
CVE-2026-38971
Low risk· EPSS 6%Exploitation Probability (EPSS)
Low risk0.17%
6th percentile — higher than 6% of all known CVEs
Summary
An out-of-bounds read vulnerability was found in the GCS_MAVLink library of ArduPilot up to version Plane-4.6.3, specifically in the GCS_MAVLINK::handle_serial_control() function.
Risk Assessment
This vulnerability could cause unexpected system behavior, data leakage, or potential control takeover of the device.
Recommendation
It is recommended to immediately update ArduPilot to the latest version that includes a fix for this vulnerability.
Original NVD description (English source)
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

