Vulnerability Description
navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (an assert) is compiled out, leaving no runtime protection. This primitive allows controlled corruption of heap chunk metadata (at least the size field of the heap chunk containing set->clusters is attacker-controllable), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opennav | Nav2 | <= 1.3.11 |
Related Weaknesses (CWE)
References
- https://github.com/ros-navigation/navigation2/commit/d09ea82477ce9234678a6febf68 (Patch)
- https://github.com/ros-navigation/navigation2/releases/tag/1.3.11 (Product)
- https://github.com/ros-navigation/navigation2/security/advisories/GHSA-mgj5-g2p6 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-26011?
CVE-2026-26011 is a vulnerability with a CVSS score of 9.8 (CRITICAL). navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a...
How severe is CVE-2026-26011?
CVE-2026-26011 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26011?
Check the References section above for the vendor advisory and patch commit. Affected products include: Opennav Nav2 (versions 1.3.11 and earlier).