Skip to main content

Px4 Autopilot CVE-2026-32706

| EUVDEUVD-2026-12150 HIGH
Classic Buffer Overflow (CWE-120)
2026-03-13 GitHub_M
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:22 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.17.0-rc2
EUVD ID Assigned
Mar 13, 2026 - 22:01 euvd
EUVD-2026-12150
Analysis Generated
Mar 13, 2026 - 22:01 vuln.today
CVE Published
Mar 13, 2026 - 21:17 nvd
HIGH 7.1

DescriptionGitHub Advisory

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

AnalysisAI

Buffer overflow vulnerability in PX4 autopilot drone firmware versions before 1.17.0-rc2 that allows adjacent network attackers to crash the system by sending oversized CRSF packets. The vulnerability requires the CRSF receiver protocol to be enabled on a serial port and can cause memory corruption leading to denial of service. No active exploitation (not in KEV) or public POC has been reported.

Technical ContextAI

The vulnerability affects the PX4-Autopilot firmware (CPE: cpe:2.3:a:px4:px4-autopilot:*:*:*:*:*:*:*:*), specifically in the CRSF (Crossfire) RC receiver protocol parser. CRSF is a serial communication protocol used for radio control systems in drones. The root cause is a classic buffer overflow (CWE-120) where the crsf_rc parser copies variable-length packet data into a fixed 64-byte global buffer without proper bounds checking. This allows packets larger than 64 bytes to overflow the buffer and corrupt adjacent memory.

RemediationAI

Primary remediation: Update to PX4-Autopilot version 1.17.0-rc2 or later, which contains the fix for this vulnerability. The patch is available through the official PX4 GitHub repository as referenced in the advisory at https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-mqgj-hh4g-fg5p. As a workaround, if updating is not immediately possible, disable CRSF receiver protocol on serial ports or restrict physical access to drone serial interfaces.

Share

CVE-2026-32706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy