Cyber Resilience

CVE-2026-32706

Severity: High · Public PoC

Published: 16 March 2026
Modified: 17 March 2026
KEV Added: not listed (not in the CISA KEV catalog at time of writing)
Patch: available (fixed in PX4 Autopilot 1.17.0-rc2)
CVSS v3.1: 7.1 (High) · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.0031 (22.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32706 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dronecode Px4 Drone Autopilot. Its CVSS base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 22.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32706 is a buffer overflow (CWE-120, CWE-787) in the crsf_rc parser of PX4 Autopilot, an open-source flight control stack for drones. In versions prior to 1.17.0-rc2, the parser accepts an oversized variable-length packet and copies it into a fixed 64-byte global buffer without a bounds check, corrupting the memory that follows the buffer. The issue was published on 2026-03-16 and carries a CVSS v3.1 base score of 7.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H): high availability impact, low integrity impact and no confidentiality impact.

An attacker who can write to the serial link can exploit this wherever crsf_rc is enabled on a CRSF serial port. A single malicious oversized packet triggers the memory corruption and crashes PX4, which on a flying vehicle means loss of the flight controller. No privileges, user interaction or network reachability are required, but the attacker must be able to put bytes on that serial line (AV:A); in a typical build-out the CRSF port is fed by the RC receiver, so the exposure is whatever can inject into that link.

The GitHub security advisory (GHSA-mqgj-hh4g-fg5p) confirms the fix in PX4 Autopilot 1.17.0-rc2. Upgrade to that version or later; where the vehicle does not take RC input over CRSF, disable crsf_rc on any exposed port; and monitor serial interfaces for anomalous traffic, in particular CRSF frames whose length byte exceeds the protocol's maximum. Note that crsf_rc is the driver that carries RC commands in over CRSF, so disabling it is only an option on airframes that receive RC by another path; otherwise the upgrade is the only complete fix.
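The unchecked copy described above, next to a parser that bounds the length and verifies the CRC before copying, as an added example written for this page. It is illustrative C, not PX4's crsf_rc code: the frame layout ([addr][len][type][payload][crc8]), the 64-byte maximum frame and the 0xD5 CRC-8 follow the public CRSF format; the guard region after the buffer, the helper names (crsf_build, parse_unchecked, parse_checked, demo_accepted, demo_spill) and the 0x41-filled payloads are assumptions of the example, constructed so it runs offline. The vulnerable path is modelled inside one array so the demo stays within defined behaviour while still showing attacker bytes landing past the 64-byte boundary.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRSF framing as publicly documented (assumed here, not copied from PX4):
 *   [addr][len][type][payload ...][crc8]
 * len counts type + payload + crc; a legal frame is at most 64 bytes, so len <= 62.
 * The len byte is still a uint8_t and can claim up to 255: that is the oversized frame. */
#define CRSF_SYNC             0xC8
#define CRSF_FRAME_SIZE_MAX   64
#define CRSF_LEN_MAX          (CRSF_FRAME_SIZE_MAX - 2)
#define CRSF_PAYLOAD_MAX      (CRSF_FRAME_SIZE_MAX - 4)
#define CRSF_TYPE_RC_CHANNELS 0x16
#define GUARD_BYTES           256   /* demo-only slack placed after the 64-byte buffer */

/* CRC-8, polynomial 0xD5 (DVB-S2), computed over type + payload as CRSF specifies. */
uint8_t crsf_crc8(const uint8_t *data, size_t n) {
    uint8_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0xD5 : (crc << 1));
    }
    return crc;
}

/* Encodes a frame for any payload length the len byte can express, so one builder produces
 * both a legal frame and an attacker-style oversized one. Returns bytes written, 0 on error. */
size_t crsf_build(uint8_t *out, size_t cap, uint8_t type, const uint8_t *payload, size_t plen) {
    size_t total = plen + 4;                      /* addr + len + type + payload + crc */
    if (plen > 255 - 2 || total > cap) return 0;  /* len byte cannot exceed 255 */
    out[0] = CRSF_SYNC;
    out[1] = (uint8_t)(plen + 2);
    out[2] = type;
    memcpy(&out[3], payload, plen);
    out[3 + plen] = crsf_crc8(&out[2], plen + 1);
    return total;
}

/* The bug class from the advisory: a fixed 64-byte global receive buffer and a copy sized by
 * the untrusted len byte. The guard region keeps the demo inside one array (defined behaviour).
 * Returns the number of attacker bytes that landed past the 64-byte buffer. */
static uint8_t g_rx_buf[CRSF_FRAME_SIZE_MAX + GUARD_BYTES];
size_t parse_unchecked(const uint8_t *frame, size_t n) {
    memset(g_rx_buf, 0, sizeof g_rx_buf);
    if (n < 2) return 0;
    size_t total = (size_t)frame[1] + 2;                   /* trusts the wire */
    if (total > n || total > sizeof g_rx_buf) return 0;    /* demo guard only, not the fix */
    memcpy(g_rx_buf, frame, total);                        /* missing: total > CRSF_FRAME_SIZE_MAX */
    size_t spill = total > CRSF_FRAME_SIZE_MAX ? total - CRSF_FRAME_SIZE_MAX : 0;
    if (spill && memcmp(&g_rx_buf[CRSF_FRAME_SIZE_MAX], &frame[CRSF_FRAME_SIZE_MAX], spill) != 0)
        return 0;                                          /* bytes did not land where expected */
    return spill;
}

typedef struct { uint8_t type, payload_len, payload[CRSF_PAYLOAD_MAX]; } crsf_frame_t;

/* Hardened parser: bound the length, confirm the whole frame is present, verify the CRC,
 * and only then copy. The len check is the input validation the advisory's fix adds. */
bool parse_checked(const uint8_t *in, size_t n, crsf_frame_t *out) {
    if (n < 4 || in[0] != CRSF_SYNC) return false;         /* address check reduced to one sync byte */
    uint8_t len = in[1];
    if (len < 2 || len > CRSF_LEN_MAX) return false;       /* reject oversized or degenerate frames */
    size_t total = (size_t)len + 2;
    if (n < total) return false;                           /* short read: wait for more bytes */
    if (crsf_crc8(&in[2], len - 1) != in[total - 1]) return false;
    out->type = in[2];
    out->payload_len = (uint8_t)(len - 2);
    memcpy(out->payload, &in[3], out->payload_len);
    return true;
}

/* Scenario helpers: build a frame carrying plen bytes of 0x41 (constructed data), optionally
 * flip bits in one payload byte, and run each parser over it. */
static uint8_t g_frame[CRSF_FRAME_SIZE_MAX + GUARD_BYTES];
static size_t make_frame(size_t plen, uint8_t tamper_mask) {
    uint8_t payload[256];
    memset(payload, 0x41, sizeof payload);
    size_t n = crsf_build(g_frame, sizeof g_frame, CRSF_TYPE_RC_CHANNELS, payload, plen);
    if (n) g_frame[5] ^= tamper_mask;                      /* corrupts a payload byte after the CRC was set */
    return n;
}

int demo_accepted(size_t plen, uint8_t tamper_mask) {     /* 1 if the checked parser accepts the frame */
    crsf_frame_t parsed;
    size_t n = make_frame(plen, tamper_mask);
    return n && parse_checked(g_frame, n, &parsed);
}

size_t demo_spill(size_t plen) {                           /* bytes the unchecked copy writes past 64 */
    size_t n = make_frame(plen, 0);
    return n ? parse_unchecked(g_frame, n) : 0;
}

int main(void) {
    printf("22-byte RC payload : accepted=%d spill=%zu\n", demo_accepted(22, 0), demo_spill(22));
    printf("248-byte payload   : accepted=%d spill=%zu\n", demo_accepted(248, 0), demo_spill(248));
    printf("tampered payload   : accepted=%d\n", demo_accepted(22, 0x01));
    return 0;
}
```

A 22-byte RC_CHANNELS payload gives a 26-byte frame that both parsers handle; a 248-byte payload yields a 252-byte frame whose len byte (250) the checked parser rejects outright, while the unchecked copy pushes 188 bytes past the end of the 64-byte buffer. The same `len > CRSF_LEN_MAX` condition is what a serial-line monitor would alert on, since no legitimate CRSF frame can carry it.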

Vulnerability details

PX4 Autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

CWE(s)

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in crsf_rc parser enables direct exploitation causing reliable system crash and availability impact (A:H), matching Application or System Exploitation under Endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-40427 · Same product: Dronecode Px4 Drone Autopilot
CVE-2026-26742 · Same product: Dronecode Px4 Drone Autopilot
CVE-2026-32708 · Same product: Dronecode Px4 Drone Autopilot
CVE-2026-26741 · Same product: Dronecode Px4 Drone Autopilot
CVE-2026-29775 · Shared CWE-787
CVE-2026-33721 · Shared CWE-787
CVE-2020-37206 · Shared CWE-120
CVE-2025-20115 · Shared CWE-120
CVE-2025-50654 · Shared CWE-120
CVE-2020-37213 · Shared CWE-120

Affected Assets

Vendor: dronecode
Product: px4 drone autopilot
Versions as listed: ≤ 1.17.0. The advisory states the fix shipped in 1.17.0-rc2, so treat any build predating that release candidate as affected and confirm the build you fly carries the fix.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation · prevent

Directly requires validation of all input (including variable-length CRSF packets) to enforce bounds and prevent the unchecked copy into the 64-byte buffer.

SI-2 Flaw Remediation · prevent

Mandates timely application of the vendor patch that eliminates the oversized-packet flaw in crsf_rc (fixed in 1.17.0-rc2).

Least functionality · prevent (the control identifier was not captured on this page; the description matches CM-7 Least Functionality)

Requires disabling unnecessary features such as crsf_rc on exposed serial ports when the protocol is not required, reducing the attack surface.

References

GitHub Security Advisory GHSA-mqgj-hh4g-fg5p (PX4 Autopilot; fix in 1.17.0-rc2)