ROS 2 - 33 CVEs (Page 1/1)

About “ROS 2”

A curated feed of “ROS 2”-related CVEs appears below. We currently track 33 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 8.7 (all time), and 94% are rated High/Critical (all time). Top CWEs (all time): CWE-416 - Use After Free, CWE-281 - Improper Preservation of Permissions, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Robotics frameworks interface with hardware and networks. Patch components, limit remote control, enforce auth and TLS, and segment robots from IT networks. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: ros-2

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
lyrical	2026-05-22	-	2031-05-31
kilted	2025-05-23	-	2026-12-31
jazzy	2024-05-23	-	2029-05-31
iron	2023-05-23	-	2024-12-04 Expired
humble	2022-05-23	-	2027-05-31
galactic	2021-05-23	-	2022-12-09 Expired
foxy	2020-06-05	-	2023-06-20 Expired
eloquent	2019-11-22	-	2020-11-30 Expired
dashing	2019-05-31	-	2021-05-31 Expired
crystal	2018-12-14	-	2019-12-31 Expired
bouncy	2018-07-02	-	2019-07-31 Expired
ardent	2017-12-08	-	2018-12-31 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “ROS 2” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2024-12-06

High

CVE-2024-44856

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2024-44855

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2024-44854

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2024-44853

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

Critical

CVE-2024-44852

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().

CVSS: 9.8 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD

Critical

CVE-2024-41650

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-41649

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-41648

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_p…

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-41647

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

Critical

CVE-2024-41646

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-41645

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-41644

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Critical

CVE-2024-38927

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-38926

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-38925

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-38924

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-38923

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-38922

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted messa…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2024-38921

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

2024-12-05

Critical

CVE-2024-38920

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a r…

CVSS: 9.1 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2024-38910

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to c…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-37863

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2024-37862

Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file…

CVSS: 7.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Critical

CVE-2024-37861

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2024-37860

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the n…

CVSS: 7.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-30964

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initia…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-30963

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted scrip…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-30962

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2024-30961

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

2024-02-20

High

CVE-2024-25199

Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2024-25198

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-fr…

CVSS: 9.1 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2024-25197

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

Low

CVE-2024-25196

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a cr…

CVSS: 3.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD