Px4 Drone Autopilot@* Security Vulnerabilities and Issues — Px4 Drone Autopilot@* CVE List

DronecodePx4 Drone Autopilot*

9 matches found

CVE•added 2025/01/07 12:0 a.m.•46 views

CVE-2024-40427

CVE-2024-40427 affects PX4‑Autopilot with a stack buffer overflow in v1.14.3. The vulnerability can allow an attacker to run commands and cause the program to refuse to execute. Affected component: PX4‑Autopilot v1.14.3; root cause: stack-based overflow. Public references attest to the issue and ...

7.9CVSS7.6AI score0.00227EPSS

CVE•added 2026/03/18 11:26 p.m.•30 views

CVE-2026-32743

PX4 Autopilot versions 1.17.0-rc2 and earlier are affected by a Stack-based Buffer Overflow in the MAVLink log request handling via MavlogHandler. The LogEntry.filepath buffer is 60 bytes, and paths are parsed with sscanf without a width specifier, allowing overflow when a longer path is provided...

6.5CVSS5.9AI score0.0001EPSS

Web

CVE•added 2026/03/13 9:19 p.m.•19 views

CVE-2026-32709

The CVE describes an unauthenticated path traversal in PX4 Autopilot MAVLink FTP that allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem. On NuttX targets, attacker-supplied paths bypass sanitization due to an empty FTP root, whi...

6.8CVSS5.9AI score0.0005EPSS

CVE•added 2026/03/13 9:17 p.m.•13 views

CVE-2026-32706

PX4 autopilot's crsf_rc parser contains a global 64-byte buffer overflow when processing an oversized variable-length known packet prior to 1.17.0-rc2. An adjacent/raw-serial attacker on a CRSF port could trigger memory corruption and crash PX4. Fixed in 1.17.0-rc2. CVSS v3.1 base score 7.1 (High...

8.1CVSS6AI score0.00027EPSS

CVE•added 2026/03/13 9:18 p.m.•13 views

CVE-2026-32708

CVE-2026-32708 affects the PX4 Autopilot’s Zenoh uORB subscriber. Before 1.17.0-rc2, it allocates a stack VLQuestion from the incoming payload length without bounds, enabling a remote Zenoh publisher to send an oversized, fragmented message that triggers an unbounded stack allocation and a stack ...

8CVSS5.9AI score0.00021EPSS

CVE•added 2026/03/13 9:18 p.m.•9 views

CVE-2026-32707

CVE-2026-32707 affects PX4 Autopilot with the tattu_can module. A stack buffer overflow results from an unbounded memcpy in the multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In affected deployments where tattu_can is enabled, a CAN-injection cap...

6.1CVSS5.8AI score0.00009EPSS

CVE•added 2026/03/13 9:20 p.m.•8 views

CVE-2026-32713

CVE-2026-32713 affects the PX4 Autopilot MAVLink FTP subsystem. A logic error in session validation (using boolean AND instead of OR) permits BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors, enabling an unauthenticated attacker to put the FTP sub...

6.5CVSS5.8AI score0.00104EPSS

CVE•added 2026/03/13 9:39 p.m.•6 views

CVE-2026-32724

The CVE-2026-32724 vulnerability affects PX4 Autopilot: a heap-use-after-free in MavlinkShell::available() caused by a race between the MAVLink receiver thread (shell creation/destruction) and the telemetry sender thread (polling output). It is triggerable remotely via MAVLink SERIAL_CONTROL mess...

5.3CVSS5.8AI score0.00027EPSS

CVE•added 2026/03/13 9:15 p.m.•4 views

CVE-2026-32705

Summary: The CVE affects the PX4 autopilot BST telemetry driver. Before version 1.17.0-rc2, the BST device can report an oversized dev_name_len, and the driver writes a string terminator without bounds, causing a stack overflow that can crash the task or enable code execution. Root cause: device-...

6.8CVSS5.9AI score0.00034EPSS