CVE-2024-29460

CVE-2024-29460 affects PX4 Autopilot v1.14.0, specifically the mission_block.cpp component. The issue enables an attacker with local access to manipulate the flight path via the home point, potentially causing a drone crash. Multiple connected sources (NVD, Red Hat) corroborate that the vulnerabi...

CVE-2024-30800

CVE-2024-30800 affects PX4 Autopilot v1.14, where flaws in the geofence function can allow breaching geofence and flying into no‑fly zones. Documents consistently cite the geofence-related flaw as the root cause. Attack vector is local with high privileges/UI requirement per CVSS, and impact incl...

CVE-2021-34125

CVE-2021-34125 concerns Yuneec Mantis Q and PX4-Autopilot v1.11.3 and earlier where sensitive information can be leaked via various nuttx commands. The PX4-Autopilot impact is supported by PT-2023-12246, which recommends updating PX4-Autopilot to versions above 1.11.3 to resolve the issue; for Yu...

CVE-2023-46256

CVE-2023-46256 affects PX4-Autopilot (versions 1.14.0-rc1 and prior). The vulnerability is a heap buffer overflow in the parser function caused by missing validation of the parserbuf_index, allowing writes up to the maximum unsigned int to heap memory. This can lead to unexpected drone behavior, ...

CVE-2023-47625

CVE-2023-47625 affects PX4 Autopilot. A global buffer overflow exists in CrsfParser_TryParseCrsfPacket (CrsfParser.cpp:298) due to an invalid size check, enabling a remote RC packet to overflow the _rcs_buf and cause the drone to behave unexpectedly. Impact: potential instability or denial of ser...

CVE-2024-24254

CVE-2024-24254 affects PX4 Autopilot versions 1.14 and earlier. A race condition arises from the lack of synchronization when loading geofence data in geofence.cpp and mission_feasibility_checker.cpp, which can cause the drone to upload overlapping geofences and mission routes. The connected docu...

CVE-2024-40427

CVE-2024-40427 affects PX4‑Autopilot with a stack buffer overflow in v1.14.3. The vulnerability can allow an attacker to run commands and cause the program to refuse to execute. Affected component: PX4‑Autopilot v1.14.3; root cause: stack-based overflow. Public references attest to the issue and ...

CVE-2024-38952

CVE-2024-38952 : PX4-Autopilot v1.14.3 has a buffer overflow in the logger component via the topic_name parameter in /logger/logged_topics.cpp. The CVSS 3.1 vector indicates exploitability is NETWORK, with no privileges or user interaction required, and an impact on availability only (I/N; A:H). ...

CVE-2024-24255

CVE-2024-24255 involves a race condition in PX4 Autopilot up to v1.14, affecting the geofence.cpp and mission_feasibility_checker.cpp components. The underlying issue can allow an attacker to push a drone into unintended missions. Public details in connected documents confirm the affected product...

CVE-2024-38951

CVE-2024-38951 describes a buffer overflow in PX4-Autopilot v1.12.3 that allows an attacker to cause a Denial of Service via a crafted MavLink message. The Red Hat/NVD/OSV entries confirm the same description; PT-Security suggests a temporary mitigation: disable handling of MavLink messages until...

CVE-2024-30799

The provided references indicate a vulnerability in PX4 Autopilot versions 1.14 and earlier, where the Breach Return Point function can be abused to execute arbitrary code and trigger a denial of service. Affected component: Breach Return Point handling within PX4 Autopilot. Underlying cause: not...

CVE-2021-46896

CVE-2021-46896 affects PX4-Autopilot. A buffer overflow in a handler function for message ID 332 can lead to denial of service. Documents consistently describe the issue as a buffer overflow in PX4-Autopilot with DoS impact; specific vulnerable versions, affected components, and a confirmed remed...

CVE-2026-32743

PX4 Autopilot versions 1.17.0-rc2 and earlier are affected by a Stack-based Buffer Overflow in the MAVLink log request handling via MavlogHandler. The LogEntry.filepath buffer is 60 bytes, and paths are parsed with sscanf without a width specifier, allowing overflow when a longer path is provided...

CVE-2026-32709

The CVE describes an unauthenticated path traversal in PX4 Autopilot MAVLink FTP that allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem. On NuttX targets, attacker-supplied paths bypass sanitization due to an empty FTP root, whi...

CVE-2026-32708

CVE-2026-32708 affects the PX4 Autopilot’s Zenoh uORB subscriber. Before 1.17.0-rc2, it allocates a stack VLQuestion from the incoming payload length without bounds, enabling a remote Zenoh publisher to send an oversized, fragmented message that triggers an unbounded stack allocation and a stack ...

CVE-2026-32706

PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...

CVE-2026-32707

CVE-2026-32707 affects PX4 Autopilot with the tattu_can module. A stack buffer overflow results from an unbounded memcpy in the multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In affected deployments where tattu_can is enabled, a CAN-injection cap...

CVE-2025-15150

CVE-2025-15150 affects PX4 PX4-Autopilot up to version 1.16.0. The vulnerability resides in MavlinkLogHandler::state_listing and MavlinkLogHandler::log_entry_from_id within src/modules/mavlink/mavlink_log_handler.cpp, causing a stack-based buffer overflow. Exploitation is limited to local access....

CVE-2026-32713

CVE-2026-32713 affects the PX4 Autopilot MAVLink FTP subsystem. A logic error in session validation (using boolean AND instead of OR) permits BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors, enabling an unauthenticated attacker to put the FTP sub...

CVE-2026-26741

PX4 Autopilot versions 1.12.x–1.15.x contain a logic flaw in the mode switching mechanism: when transitioning from Auto to Manual while ARMED (after landing and before automatic disarm via COM_DISARM_LAND), there is no throttle-threshold safety check for the physical throttle stick. The issue cou...

CVE-2026-26742

The CVE affects PX4 Autopilot versions 1.12.x–1.15.x, where the Re-arm Grace Period protection logic can incorrectly apply in-air re-arm behavior to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds after an automatic landing (default config), pre-flight safety che...

CVE-2026-32724

The CVE-2026-32724 vulnerability affects PX4 Autopilot: a heap-use-after-free in MavlinkShell::available() caused by a race between the MAVLink receiver thread (shell creation/destruction) and the telemetry sender thread (polling output). It is triggerable remotely via MAVLink SERIAL_CONTROL mess...

CVE-2026-32705

Summary: The CVE affects the PX4 autopilot BST telemetry driver. Before version 1.17.0-rc2, the BST device can report an oversized dev_name_len, and the driver writes a string terminator without bounds, causing a stack overflow that can crash the task or enable code execution. Root cause: device-...