CVE-2026-32707 in PX4-Autopilotالمعلومات

الملخص

بحسب MITRE • 16/03/2026

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

13/03/2026

إفشاء

16/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351060

CPE

جاهز

CWE

CWE-121 (مؤكد)

CVSS

6.1 (NVD)

EPSS

0.00009

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32707
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32707
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32707/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!