CVE-2026-32706
Published: 16 March 2026
Summary
CVE-2026-32706 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dronecode Px4 Drone Autopilot. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in crsf_rc parser enables direct exploitation causing reliable system crash and availability impact (A:H), matching Application or System Exploitation under Endpoint DoS.
NVD Description
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled…
more
on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.
Deeper analysisAI
CVE-2026-32706 is a buffer overflow vulnerability (CWE-120, CWE-787) in the crsf_rc parser of PX4 Autopilot, an open-source flight control solution for drones. In versions prior to 1.17.0-rc2, the parser accepts oversized variable-length packets and copies them into a fixed 64-byte global buffer without performing bounds checks, leading to potential memory corruption. The issue was published on 2026-03-16 and carries a CVSS v3.1 base score of 7.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H), emphasizing high availability impact with low integrity disruption.
An adjacent or raw-serial attacker can exploit this vulnerability in deployments where crsf_rc is enabled on a CRSF serial port. By sending a malicious oversized packet, the attacker triggers memory corruption, reliably crashing the PX4 system and potentially disrupting drone operations. No privileges, user interaction, or remote network access are required, but physical or adjacent proximity to the serial interface is necessary.
The official GitHub security advisory (GHSA-mqgj-hh4g-fg5p) confirms the vulnerability is fixed in PX4 Autopilot version 1.17.0-rc2. Security practitioners should ensure deployments upgrade to this version or later, disable crsf_rc on exposed CRSF ports if feasible, and monitor serial interfaces for anomalous traffic.
Details
- CWE(s)