CYVIATION Discovers Critical Security Flaw in Popular UAV and Drone Software, Preventing Potential Hacker Takeovers

NEW YORK--(BUSINESS WIRE)--CYVIATION, an aviation technology company focused on aircraft cybersecurity, today announced the discovery of a major security flaw in PX4 Autopilot, a globally used flight-control software.

By building the digital infrastructure to enable cyber risk visibility across aircraft and the aviation value chain, CYVIATION actively assists in defending today's aviation fleets against current cyber threats while securing the future of flight. Based on findings by the CYVIATION research team, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an official government warning (ICSA-26-090-02). The vulnerability (CVE-2026-1579) carries a critical 9.8 out of 10 severity score, requiring immediate action to secure drones used in defense, emergency response, and commercial transport.

The Vulnerability: Unprotected Communications

​CYVIATION discovered that, by default, the communication channel used by these drones and Unmanned Aerial Vehicles (UAVs) lacks a digital "password" or signature. This missing security check could allow a hacker on the drone or UAV's network to send unverified commands, completely bypassing the actual operator and taking full remote control of the aircraft's flight path and internal systems.

How Operators Can Protect Themselves

CYVIATION and CISA urge all PX4 Autopilot operators to update their security settings immediately:

• Turn on Digital Signatures: Enable "MAVLink 2.0 message signing" to ensure the drone rejects unverified commands.
• Isolate Networks: Keep drones and control systems off the public internet and behind strong firewalls.
• Follow Official Guides: Refer to PX4's Security Hardening Guide for step-by-step instructions.

More to Come

This discovery is just the tip of the iceberg. The CYVIATION research team is hard at work to cyber-secure our skies. As we continuously hunt for vulnerabilities and expand our investigations into other popular flight control networks, stay tuned for more major research findings and security updates soon.

About CYVIATION

CYVIATION is an aviation technology company focused on aircraft cybersecurity. We built the digital infrastructure to enable cyber risk visibility across aircraft and the aviation value chain. By hunting for vulnerabilities and providing proactive defenses, CYVIATION keeps flights safe from digital threats. For more information, visit www.cyviation.aero.