Dronecode Px4_drone_autopilot
23 CVEs affecting Dronecode Px4_drone_autopilot. Latest disclosed: 2026-03-19. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26742 | High | 8.1 | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-a… |
CVE-2026-26741 | High | 8.1 | 2026-03-10 | PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone… |
CVE-2024-40427 | High | 7.9 | 2025-01-07 | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to exe… |
CVE-2026-32708 | High | 7.8 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload… |
CVE-2024-38952 | High | 7.5 | 2024-06-25 | PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp. |
CVE-2021-46896 | High | 7.5 | 2023-07-06 | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. |
CVE-2021-34125 | High | 7.5 | 2023-03-09 | An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands. |
CVE-2026-32706 | High | 7.1 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it… |
CVE-2026-32705 | Medium | 6.8 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length w… |
CVE-2024-29460 | Medium | 6.6 | 2024-04-10 | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the missio… |
CVE-2026-32743 | Medium | 6.5 | 2026-03-19 | PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the… |
CVE-2024-38951 | Medium | 6.5 | 2024-06-25 | A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message. |
CVE-2024-30800 | Medium | 5.6 | 2024-04-23 | PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. |
CVE-2026-32709 | Medium | 5.4 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP im… |
CVE-2026-32724 | Medium | 5.3 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The is… |
CVE-2025-15150 | Medium | 5.3 | 2025-12-28 | A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_ent… |
CVE-2026-32707 | Medium | 5.2 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing s… |
CVE-2024-30799 | Medium | 4.4 | 2024-04-22 | An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point functio… |
CVE-2023-46256 | Medium | 4.4 | 2023-10-31 | PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the… |
CVE-2026-32713 | Medium | 4.3 | 2026-03-16 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect bo… |