Skip to main content

Px4 Autopilot CVE-2026-32707

| EUVDEUVD-2026-12152 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-03-13 GitHub_M
5.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.2 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
1.17.0-rc2
EUVD ID Assigned
Mar 13, 2026 - 22:01 euvd
EUVD-2026-12152
Analysis Generated
Mar 13, 2026 - 22:01 vuln.today
CVE Published
Mar 13, 2026 - 21:18 nvd
MEDIUM 5.2

DescriptionGitHub Advisory

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

AnalysisAI

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

Technical ContextAI

The vulnerability resides in the tattu_can component of PX4 autopilot, which handles multi-frame CAN (Controller Area Network) message assembly. CAN is a serial communication bus standard commonly used in automotive and aerospace applications for inter-device communication. The flaw is classified as CWE-121 (Stack-based Buffer Overflow) and involves an unbounded memcpy operation within the multi-frame assembly loop. When processing incoming CAN frames, the code fails to validate frame boundaries before copying data to the stack, permitting an attacker to write beyond allocated buffer boundaries. This is particularly critical in embedded flight control systems where the autopilot operates in real-time and memory corruption can directly affect vehicle control algorithms and safety-critical operations.

RemediationAI

Upgrade PX4 autopilot to version 1.17.0-rc2 or later, which includes the fix for the unbounded memcpy vulnerability. Users should disable the tattu_can module in production deployments if updating is not immediately possible and the module is not essential for operations. Additionally, implement network segmentation to restrict physical CAN bus access to authorized devices only, and implement CAN frame validation and filtering at the network level to reject malformed multi-frame messages. Monitor systems for unexpected crashes or memory corruption errors that may indicate exploitation attempts. Refer to the PX4 project security advisories and release notes for patch deployment guidance.

Share

CVE-2026-32707 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy