CVE-2026-26673 Overview
CVE-2026-26673 is a denial of service vulnerability affecting multiple DJI consumer drone models through the Enhanced-WiFi transmission subsystem. The vulnerability allows remote attackers to disrupt drone communications and operations by exploiting weaknesses in the WiFi-based control link, potentially causing loss of control or forced landing scenarios.
This firmware vulnerability (CWE-400: Uncontrolled Resource Consumption) in DJI's Enhanced-WiFi subsystem enables network-based attacks that can exhaust system resources and interrupt the critical communication channel between the drone and its controller.
Critical Impact
Remote attackers can cause denial of service conditions on affected DJI drones, potentially leading to loss of drone control, forced emergency landings, or mid-flight communication disruption.
Affected Products
- DJI Mavic Mini (firmware version 0.1.00.0500 and below)
- DJI Spark (firmware version 0.1.00.0500 and below)
- DJI Mavic Air (firmware version 0.1.00.0500 and below)
- DJI Mini (firmware version 0.1.00.0500 and below)
- DJI Mini SE (firmware version 0.1.00.0500 and below)
Discovery Timeline
- 2026-03-04 - CVE-2026-26673 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-26673
Vulnerability Analysis
The vulnerability resides in DJI's Enhanced-WiFi transmission subsystem, which handles the wireless communication between DJI drones and their remote controllers. The Enhanced-WiFi protocol is a proprietary implementation used by DJI for video transmission and control signals in their consumer drone lineup.
The flaw stems from improper resource consumption handling (CWE-400) within the WiFi subsystem's packet processing logic. When malformed or excessive network traffic is directed at the drone's wireless interface, the system fails to adequately throttle or reject the malicious input, leading to resource exhaustion.
The network-based attack vector requires no authentication or user interaction, making it accessible to any attacker within wireless range of an affected drone. The impact is limited to availability—no confidentiality or integrity compromise has been demonstrated.
Root Cause
The root cause is classified as CWE-400 (Uncontrolled Resource Consumption). The Enhanced-WiFi transmission subsystem lacks proper rate limiting and input validation mechanisms for incoming network packets. This allows an attacker to flood the subsystem with crafted packets, consuming available memory and processing resources until the drone's communication capabilities are degraded or completely disrupted.
Attack Vector
The attack can be executed remotely over the network by any attacker within WiFi range of an affected DJI drone. The attack does not require authentication or any form of user interaction, and targets the Enhanced-WiFi transmission subsystem directly.
An attacker would need to be within wireless transmission range of an affected drone during flight operations. By transmitting specially crafted or high-volume packets to the drone's Enhanced-WiFi interface, the attacker can trigger resource exhaustion conditions that interrupt normal communication between the drone and controller.
Technical details and proof-of-concept materials are available in the DJI-CatNect GitHub repository.
Detection Methods for CVE-2026-26673
Indicators of Compromise
- Unexpected drone communication dropouts or latency spikes during flight operations
- Abnormal WiFi traffic patterns or packet floods detected near drone operations
- Repeated connection failures between DJI controller and drone units
- Drone telemetry showing communication subsystem errors or restarts
Detection Strategies
- Monitor network traffic for unusual packet volumes or malformed frames targeting drone operating frequencies
- Implement wireless intrusion detection systems (WIDS) in sensitive operational areas
- Review drone flight logs for communication anomalies or unexpected disconnections
- Deploy spectrum analyzers to detect potential interference or attack activity during critical operations
Monitoring Recommendations
- Enable detailed logging on DJI controller applications to capture connection state changes
- Monitor for firmware update availability from DJI and apply patches promptly
- Establish baseline communication metrics for normal drone operations to identify anomalies
- Consider implementing operational security protocols for drone flights in sensitive areas
How to Mitigate CVE-2026-26673
Immediate Actions Required
- Update affected DJI drone firmware to the latest available version above 0.1.00.0500
- Avoid operating affected drones in areas with potentially hostile wireless environments
- Implement physical security measures to prevent attackers from gaining wireless proximity during operations
- Consider using DJI's OcuSync-equipped models for operations requiring higher communication resilience
Patch Information
DJI has not yet published a dedicated security advisory for this vulnerability. Organizations using affected drone models should monitor DJI's official channels for firmware updates addressing the Enhanced-WiFi transmission subsystem vulnerability. The vulnerability affects firmware versions 0.1.00.0500 and below across multiple DJI consumer drone platforms.
For technical details regarding the vulnerability, refer to the DJI-CatNect GitHub repository.
Workarounds
- Limit drone operations to controlled environments with restricted wireless access
- Use signal shielding or directional antennas to reduce exposure to unauthorized wireless sources
- Implement pre-flight wireless spectrum scanning to detect potential threats
- Establish backup pilot procedures for unexpected communication loss scenarios
- Consider temporary grounding of affected models for mission-critical operations until patches are available
# Check current DJI firmware version via DJI Assistant 2
# Connect drone via USB and verify firmware status
# Update to latest firmware if version is 0.1.00.0500 or below
# For operational security, pre-flight wireless assessment:
# Scan local spectrum for unusual activity before drone deployment
# Document baseline signal environment for anomaly detection
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
