CVE Catalog

CVE-2026-38971

Low risk· EPSS 6%
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

An out-of-bounds read vulnerability was found in the GCS_MAVLink library of ArduPilot up to version Plane-4.6.3, specifically in the GCS_MAVLINK::handle_serial_control() function.

Risk Assessment

This vulnerability could cause unexpected system behavior, data leakage, or potential control takeover of the device.

Recommendation

It is recommended to immediately update ArduPilot to the latest version that includes a fix for this vulnerability.

Original NVD description (English source)

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS