CVE-2026-32706

Published: Mar 16, 2026Modified: Mar 17, 2026

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

Affected (4)

Products: Dronecode: Px4 Drone Autopilot

Dronecode

1 product

Px4 Drone Autopilot

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dronecode Px4 Drone Autopilot	Before 1.17.0
Dronecode Px4 Drone Autopilot	Version 1.17.0 alpha1
Dronecode Px4 Drone Autopilot	Version 1.17.0 beta1
Dronecode Px4 Drone Autopilot	Version 1.17.0 rc1

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-mqgj-hh4g-fg5p

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-mqgj-hh4g-fg5p

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.