Skip to main content

Px4 Autopilot CVE-2026-32708

HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-13 GitHub_M
7.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 13, 2026 - 22:01 vuln.today
CVE Published
Mar 13, 2026 - 21:18 nvd
HIGH 7.8

DescriptionGitHub Advisory

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.

AnalysisAI

Stack overflow vulnerability in PX4 autopilot drone flight control software (versions prior to 1.17.0-rc2) where the Zenoh uORB subscriber fails to validate incoming payload sizes, allowing remote attackers to crash the Zenoh bridge task. No active exploitation (not in KEV), no known POC, and the local attack vector (CVSS AV:L) limits real-world impact despite the high 7.8 CVSS score.

Technical ContextAI

The vulnerability affects PX4-Autopilot (CPE: cpe:2.3:a:px4:px4-autopilot:*:*:*:*:*:*:*:*), an open-source flight control solution for drones. The issue occurs in the Zenoh uORB subscriber component, which allocates a Variable Length Array (VLA) on the stack based directly on incoming payload length without bounds checking. This is a classic CWE-121 (Stack-based Buffer Overflow) where untrusted input controls memory allocation size. Zenoh is a real-time data distribution protocol, and uORB is PX4's publish-subscribe messaging system for inter-module communication.

RemediationAI

Primary mitigation: Upgrade to PX4-Autopilot version 1.17.0-rc2 or later which contains the fix. The vendor advisory (https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-69g4-hcqf-j45p) should be consulted for specific patch details. As a temporary workaround, consider disabling or restricting access to the Zenoh bridge functionality if not required for operations. Monitor Zenoh publisher sources and implement network segmentation to prevent unauthorized local access.

Share

CVE-2026-32708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy