dji CVE Vulnerabilities & Metrics

About dji Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dji. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Critical dji CVEs (CVSS ≥ 9) Over 20 Years

Top 5 Highest CVSS dji CVEs

These are the five CVEs with the highest CVSS scores for dji, sorted by severity first and recency.

• CVE-2007-1074 dji Published on 22 Feb 2007, 22:28 UTC (CVSS: 9.3)
  Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.
• CVE-2022-29945 dji Published on 29 Apr 2022, 20:15 UTC (CVSS: 5.0)
  DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
• CVE-2026-26673 dji Published on 04 Mar 2026, 16:16 UTC (CVSS: 0)
  An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
• CVE-2022-46415 dji Published on 27 Mar 2023, 21:15 UTC (CVSS: 0)
  DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.

All CVEs for dji