Heap Out-of-Bounds Write in Navigation Framework in ROS 2 by Open Robotics
CVE-2026-26011
9.3 CRITICAL
What is CVE-2026-26011?
The navigation2 framework in ROS 2 contains a vulnerability in the particle filter clustering logic of AMCL: an attacker can send a specially crafted message that triggers a heap out-of-bounds write. The write is possible because the boundary check is optimized away in release builds, leaving nothing to stop the corruption of heap memory. The corruption can be controlled and can reach heap chunk metadata, which may facilitate further exploitation. At the very least, it results in a denial of service that disrupts localization and halts navigation.
Affected Version(s)
navigation2 <= 1.3.11
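
The failure mode described above, as an added example that is not navigation2 code: it assumes the boundary check is a C `assert()`, which disappears when `NDEBUG` is defined (as release builds typically do), and sets it beside a runtime check that survives every build type. The types, `fragile_offset`, `accumulate` and `make_set` are hypothetical, and the cluster labels are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define NDEBUG              /* model a release build: assert() expands to nothing */
#include <assert.h>

/* Hypothetical, simplified types; not the navigation2 structures. */
typedef struct { int count; double weight; } cluster_t;
typedef struct { int cluster_max; cluster_t *clusters; } sample_set_t;

/* Fragile pattern: the only bounds check is an assert(). Returns the byte
   offset (relative to the start of the heap block) that a write would hit;
   nothing is dereferenced, so the demo itself stays memory-safe. */
long fragile_offset(const sample_set_t *s, int cidx) {
  assert(cidx >= 0 && cidx < s->cluster_max);   /* removed under NDEBUG */
  (void)s;
  return (long)cidx * (long)sizeof(cluster_t);
}

/* Hardened pattern: a runtime check that exists in every build type. */
int accumulate(sample_set_t *s, int cidx, double w) {
  if (cidx < 0 || cidx >= s->cluster_max) return -1;   /* reject, no write */
  s->clusters[cidx].count += 1;
  s->clusters[cidx].weight += w;
  return 0;
}

/* Constructed sample set with n zeroed cluster slots. */
sample_set_t make_set(int n) {
  sample_set_t s = { n, calloc((size_t)n, sizeof(cluster_t)) };
  return s;
}

#undef NDEBUG               /* restore a working assert() for later code */
#include <assert.h>

int main(void) {
  sample_set_t s = make_set(4);
  if (!s.clusters) return 1;
  /* Constructed labels: one valid, one negative, one past the end. */
  int labels[] = { 2, -1, 4 };
  for (int i = 0; i < 3; i++)
    printf("label %2d: unchecked offset %4ld of %zu bytes, hardened -> %d\n",
           labels[i], fragile_offset(&s, labels[i]),
           4 * sizeof(cluster_t), accumulate(&s, labels[i], 0.25));
  free(s.clusters);
  return 0;
}
```

An unchecked offset that is negative or not smaller than the block size falls outside the allocation; the hardened function returns -1 for those labels and leaves the heap untouched.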
