Px4 Px4-autopilot
12 CVEs affecting Px4 Px4-autopilot. Latest disclosed: 2026-03-18. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32708 | High | 7.8 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload… |
CVE-2026-32706 | High | 7.1 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it… |
CVE-2026-32705 | Medium | 6.8 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length w… |
CVE-2026-32743 | Medium | 6.5 | 2026-03-18 | PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the… |
CVE-2026-32709 | Medium | 5.4 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP im… |
CVE-2026-32724 | Medium | 5.3 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The is… |
CVE-2025-15150 | Medium | 5.3 | 2025-12-28 | A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_ent… |
CVE-2026-32707 | Medium | 5.2 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing s… |
CVE-2025-9020 | Medium | 4.5 | 2025-08-15 | A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/mod… |
CVE-2023-46256 | Medium | 4.4 | 2023-10-31 | PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the… |
CVE-2026-32713 | Medium | 4.3 | 2026-03-13 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect bo… |
CVE-2023-47625 | Low | 2.9 | 2023-11-13 | PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket… |