HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2026-32706

CVSS 7.1v3.1pub. 2026-03-16upd. 2026-03-17

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • Dronecode Px4 Drone Autopilot

    APP
    Dronecode
    1.17.0< 1.17.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-32708HIGH7.8ten sam produkt

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocate...

CVE-2026-26741HIGH8.1ten sam produkt

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switch...

CVE-2026-26742HIGH8.1ten sam produkt

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Perio...

CVE-2024-40427HIGH7.9ten sam produkt

Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vul...

CVE-2024-38952HIGH7.5ten sam produkt

PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logg...

CVE-2026-32706 β€” Dronecode β€” Px4 Drone Autopilot β€” HIGH β€” CVSS 7.1 | CVEbaza.pl