What is the CVSS score of CVE-2026-32724?

CVE-2026-32724 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Px4 Autopilot are affected by CVE-2026-32724?

Organizations using PX4 autopilot should be aware of moderate risk from CVE-2026-32724, a use-after-free vulnerability rated CVSS 5.3.

Px4 Autopilot CVE-2026-32724

MEDIUM

Use After Free (CWE-416)

2026-03-13 GitHub_M

Information Disclosure Use After Free Memory Corruption Px4 Autopilot

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 13, 2026 - 22:01 vuln.today

CVE Published

Mar 13, 2026 - 21:39 nvd

MEDIUM 5.3

DescriptionNVD

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1.

AnalysisAI

PX4 Autopilot versions prior to 1.17.0-rc1 contain a heap-use-after-free vulnerability in the MavlinkShell::available() function caused by a race condition between the MAVLink receiver and telemetry sender threads. Remote attackers can trigger this vulnerability by sending crafted SERIAL_CONTROL messages (ID 126) via MAVLink, leading to denial of service of the flight control system. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32724 vulnerability details – vuln.today

Back

Px4 Autopilot CVE-2026-32724

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code