CVE-2026-32706 - Vulnerability Analysis
HighCVSS: 7.1Last Updated: March 16, 2026
PX4 autopilot - Buffer Overflow
Published: March 16, 2026Updated: March 16, 2026PoC Available
Overview
PX4 autopilot < 1.17.0-rc2 contains a buffer overflow caused by lack of bounds check when copying oversized variable-length known packets in crsf_rc parser, letting adjacent/raw-serial attackers cause memory corruption and crash PX4, exploit requires attacker to have access to CRSF serial port.
Severity & Score
Severity: High
CVSS Score: 7.1
Impact
Attackers can cause memory corruption leading to a crash, resulting in denial of service of the autopilot system.
Mitigation
Update to version 1.17.0-rc2 or later.
Related Resources
Details
- CVE ID
- CVE-2026-32706
- Severity
- High
- CVSS Score
- 7.1
- Type
- buffer_overflow
- Status
- confirmed
CWE
- CWE-120
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H