What is the CVSS score of CVE-2026-32707?

CVE-2026-32707 has a CVSS 3.1 base score of 5.2 (Medium). CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.0%.

Which versions of Px4 Autopilot are affected by CVE-2026-32707?

Organizations using PX4 autopilot should be aware of moderate risk from CVE-2026-32707, a stack-based buffer overflow vulnerability rated CVSS 5.2.. A patch is available.

Px4 Autopilot CVE-2026-32707

EUVD-2026-12152 MEDIUM

Stack-based Buffer Overflow (CWE-121)

2026-03-13 GitHub_M

Buffer Overflow Stack Overflow Px4 Autopilot

5.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.17.0-rc2

EUVD ID Assigned

Mar 13, 2026 - 22:01 euvd

EUVD-2026-12152

Analysis Generated

Mar 13, 2026 - 22:01 vuln.today

CVE Published

Mar 13, 2026 - 21:18 nvd

MEDIUM 5.2

DescriptionNVD

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

AnalysisAI

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32707 vulnerability details – vuln.today

Back

Px4 Autopilot CVE-2026-32707

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code