9.8
CVSSv3

CVE-2024-41646

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.0007 | KEV: Not Included
Published: 06/12/2024 Updated: 13/12/2024

Vulnerability Summary

Arbitrary Code Execution via Insecure Permissions in ROS2 Navigation2

There is an insecure permissions vulnerability in Open Robotics Robotic Operating System 2, specifically in ROS2 navigation2 version humble. This flaw lets an attacker run any code they want by sending a crafted script to the nav2_dwb_controller.

Vulnerable Product Search on Vulmon Subscribe to Product

openrobotics robot operating system 2