What is the CVSS score of EUVD-2026-12150?

EUVD-2026-12150 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.0%.

Which versions of Px4 Autopilot are affected by EUVD-2026-12150?

CVE-2026-32706 is a high-severity buffer overflow in PX4 autopilot firmware that enables network-adjacent attackers to crash drone systems through malformed CRSF protocol packets, potentially…. A patch is available.

Px4 Autopilot EUVD-2026-12150

| CVE-2026-32706 HIGH

Classic Buffer Overflow (CWE-120)

2026-03-13 GitHub_M

Buffer Overflow Px4 Autopilot

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:22 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.17.0-rc2

EUVD ID Assigned

Mar 13, 2026 - 22:01 euvd

EUVD-2026-12150

Analysis Generated

Mar 13, 2026 - 22:01 vuln.today

CVE Published

Mar 13, 2026 - 21:17 nvd

HIGH 7.1

DescriptionNVD

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

AnalysisAI

Buffer overflow vulnerability in PX4 autopilot drone firmware versions before 1.17.0-rc2 that allows adjacent network attackers to crash the system by sending oversized CRSF packets. The vulnerability requires the CRSF receiver protocol to be enabled on a serial port and can cause memory corruption leading to denial of service. …

RemediationAI

Within 24 hours: Identify all PX4 autopilot systems in production and inventory current firmware versions. Within 7 days: Test and deploy PX4 firmware version 1.17.0-rc2 or later in a controlled environment to validate compatibility with operational systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-12150 vulnerability details – vuln.today

Back

Px4 Autopilot EUVD-2026-12150

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code