A vulnerability marked as problematic has been reported in ardupilot up to 4.6.3. The impacted element is the function GCS_MAVLINK::handle_serial_control of the file libraries/GCS_MAVLink/GCS_serial_control.cpp. This manipulation causes out-of-bounds read.

The identification of this vulnerability is CVE-2026-38971. The attack needs to be done within the local network. There is no exploit available.