CVE Daily – ROS 2 https://cvedaily.com/pages/tags/ros-2.html CVE Daily – ROS 2 en Wed, 03 Jun 2026 21:27:07 +0000 [High] CVE-2024-44856 – Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovere... https://nvd.nist.gov/vuln/detail/CVE-2024-44856 https://nvd.nist.gov/vuln/detail/CVE-2024-44856 Fri, 06 Dec 2024 22:15:21 +0000 High CVE-2024-44856

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().

CVSS: 7.5 · CWE: CWE-476

View on NVD

]]> [High] CVE-2024-44855 – Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovere... https://nvd.nist.gov/vuln/detail/CVE-2024-44855 https://nvd.nist.gov/vuln/detail/CVE-2024-44855 Fri, 06 Dec 2024 22:15:21 +0000 High CVE-2024-44855

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().

CVSS: 7.5 · CWE: CWE-476

View on NVD

]]> [High] CVE-2024-44854 – Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovere... https://nvd.nist.gov/vuln/detail/CVE-2024-44854 https://nvd.nist.gov/vuln/detail/CVE-2024-44854 Fri, 06 Dec 2024 22:15:21 +0000 High CVE-2024-44854

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().

CVSS: 7.5 · CWE: CWE-476

View on NVD

]]> [High] CVE-2024-44853 – Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovere... https://nvd.nist.gov/vuln/detail/CVE-2024-44853 https://nvd.nist.gov/vuln/detail/CVE-2024-44853 Fri, 06 Dec 2024 22:15:21 +0000 High CVE-2024-44853

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().

CVSS: 7.5 · CWE: CWE-476

View on NVD

]]> [Critical] CVE-2024-44852 – Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovere... https://nvd.nist.gov/vuln/detail/CVE-2024-44852 https://nvd.nist.gov/vuln/detail/CVE-2024-44852 Fri, 06 Dec 2024 22:15:21 +0000 Critical CVE-2024-44852

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

CVSS: 9.8 · CWE: CWE-763

View on NVD

]]> [Critical] CVE-2024-41650 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41650 https://nvd.nist.gov/vuln/detail/CVE-2024-41650 Fri, 06 Dec 2024 22:15:21 +0000 Critical CVE-2024-41650

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-41649 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41649 https://nvd.nist.gov/vuln/detail/CVE-2024-41649 Fri, 06 Dec 2024 22:15:21 +0000 Critical CVE-2024-41649

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-41648 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41648 https://nvd.nist.gov/vuln/detail/CVE-2024-41648 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-41648

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-41647 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41647 https://nvd.nist.gov/vuln/detail/CVE-2024-41647 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-41647

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.

CVSS: 9.8 · CWE: CWE-732

View on NVD

]]> [Critical] CVE-2024-41646 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41646 https://nvd.nist.gov/vuln/detail/CVE-2024-41646 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-41646

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-41645 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41645 https://nvd.nist.gov/vuln/detail/CVE-2024-41645 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-41645

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-41644 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 R... https://nvd.nist.gov/vuln/detail/CVE-2024-41644 https://nvd.nist.gov/vuln/detail/CVE-2024-41644 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-41644

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.

CVSS: 9.8 · CWE: CWE-281

View on NVD

]]> [Critical] CVE-2024-38927 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38927 https://nvd.nist.gov/vuln/detail/CVE-2024-38927 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-38927

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`.

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38926 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38926 https://nvd.nist.gov/vuln/detail/CVE-2024-38926 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-38926

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38925 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38925 https://nvd.nist.gov/vuln/detail/CVE-2024-38925 Fri, 06 Dec 2024 22:15:20 +0000 Critical CVE-2024-38925

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` .

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38924 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38924 https://nvd.nist.gov/vuln/detail/CVE-2024-38924 Fri, 06 Dec 2024 22:15:19 +0000 Critical CVE-2024-38924

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38923 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38923 https://nvd.nist.gov/vuln/detail/CVE-2024-38923 Fri, 06 Dec 2024 22:15:19 +0000 Critical CVE-2024-38923

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` .

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38922 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was disc... https://nvd.nist.gov/vuln/detail/CVE-2024-38922 https://nvd.nist.gov/vuln/detail/CVE-2024-38922 Fri, 06 Dec 2024 22:15:19 +0000 Critical CVE-2024-38922

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.

CVSS: 9.8 · CWE: CWE-787

View on NVD

]]> [Critical] CVE-2024-38921 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38921 https://nvd.nist.gov/vuln/detail/CVE-2024-38921 Fri, 06 Dec 2024 22:15:19 +0000 Critical CVE-2024-38921

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` .

CVSS: 9.8 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-38920 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-38920 https://nvd.nist.gov/vuln/detail/CVE-2024-38920 Thu, 05 Dec 2024 23:15:06 +0000 Critical CVE-2024-38920

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` .

CVSS: 9.1 · CWE: CWE-416

View on NVD

]]> [High] CVE-2024-38910 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was disc... https://nvd.nist.gov/vuln/detail/CVE-2024-38910 https://nvd.nist.gov/vuln/detail/CVE-2024-38910 Thu, 05 Dec 2024 23:15:06 +0000 High CVE-2024-38910

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

CVSS: 7.5 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-37863 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-37863 https://nvd.nist.gov/vuln/detail/CVE-2024-37863 Thu, 05 Dec 2024 23:15:05 +0000 Critical CVE-2024-37863

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

CVSS: 9.8 · CWE: CWE-120

View on NVD

]]> [High] CVE-2024-37862 – Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 na... https://nvd.nist.gov/vuln/detail/CVE-2024-37862 https://nvd.nist.gov/vuln/detail/CVE-2024-37862 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-37862

Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process.

CVSS: 7.3 · CWE: CWE-94

View on NVD

]]> [Critical] CVE-2024-37861 – Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were di... https://nvd.nist.gov/vuln/detail/CVE-2024-37861 https://nvd.nist.gov/vuln/detail/CVE-2024-37861 Thu, 05 Dec 2024 23:15:05 +0000 Critical CVE-2024-37861

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

CVSS: 9.8 · CWE: CWE-120

View on NVD

]]> [High] CVE-2024-37860 – Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation... https://nvd.nist.gov/vuln/detail/CVE-2024-37860 https://nvd.nist.gov/vuln/detail/CVE-2024-37860 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-37860

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process

CVSS: 7.3 · CWE: CWE-94

View on NVD

]]> [High] CVE-2024-30964 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (... https://nvd.nist.gov/vuln/detail/CVE-2024-30964 https://nvd.nist.gov/vuln/detail/CVE-2024-30964 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-30964

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator

CVSS: 7.8 · CWE: CWE-94

View on NVD

]]> [High] CVE-2024-30963 – Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2)... https://nvd.nist.gov/vuln/detail/CVE-2024-30963 https://nvd.nist.gov/vuln/detail/CVE-2024-30963 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-30963

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script.

CVSS: 7.8 · CWE: CWE-94

View on NVD

]]> [High] CVE-2024-30962 – Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2)... https://nvd.nist.gov/vuln/detail/CVE-2024-30962 https://nvd.nist.gov/vuln/detail/CVE-2024-30962 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-30962

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process

CVSS: 7.8 · CWE: CWE-120

View on NVD

]]> [High] CVE-2024-30961 – Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (... https://nvd.nist.gov/vuln/detail/CVE-2024-30961 https://nvd.nist.gov/vuln/detail/CVE-2024-30961 Thu, 05 Dec 2024 23:15:05 +0000 High CVE-2024-30961

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.

CVSS: 7.8 · CWE: CWE-94

View on NVD

]]> [High] CVE-2024-25199 – Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Op... https://nvd.nist.gov/vuln/detail/CVE-2024-25199 https://nvd.nist.gov/vuln/detail/CVE-2024-25199 Tue, 20 Feb 2024 14:15:09 +0000 High CVE-2024-25199

Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

CVSS: 8.1 · CWE: CWE-416

View on NVD

]]> [Critical] CVE-2024-25198 – Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset... https://nvd.nist.gov/vuln/detail/CVE-2024-25198 https://nvd.nist.gov/vuln/detail/CVE-2024-25198 Tue, 20 Feb 2024 14:15:09 +0000 Critical CVE-2024-25198

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

CVSS: 9.1 · CWE: CWE-416

View on NVD

]]> [Medium] CVE-2024-25197 – Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were d... https://nvd.nist.gov/vuln/detail/CVE-2024-25197 https://nvd.nist.gov/vuln/detail/CVE-2024-25197 Tue, 20 Feb 2024 14:15:09 +0000 Medium CVE-2024-25197

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.

CVSS: 6.5 · CWE: CWE-476

View on NVD

]]> [Low] CVE-2024-25196 – Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were d... https://nvd.nist.gov/vuln/detail/CVE-2024-25196 https://nvd.nist.gov/vuln/detail/CVE-2024-25196 Tue, 20 Feb 2024 14:15:09 +0000 Low CVE-2024-25196

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.

CVSS: 3.3 · CWE: CWE-120

View on NVD

]]>