CVE-2026-1743

LOW 3.1

DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay

CVSS Score

3.1

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-294 CWE-287
Vendor	dji
Product	mavic mini
Published	Feb 2, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for dji mavic mini

Be the first to know when new low vulnerabilities affecting dji mavic mini are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

DJI / Mavic Mini

01.00

DJI / Air

01.00

DJI / Spark

01.00

DJI / Mini SE

01.00

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.343674 vuldb.com: https://vuldb.com/?ctiid.343674 vuldb.com: https://vuldb.com/?submit.741323 github.com: https://github.com/ByteMe1001/DJI-CatNect github.com: https://github.com/ByteMe1001/DJI-CatNect/blob/main/exploit.c

Credits

🔍 byteme1001 (VulDB User) byteme1001 (VulDB User)