CVE-2026-32705 in PX4-Autopilot

Summary

by MITRE • 03/16/2026

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.


Analysis

by VulDB Data Team • 03/21/2026

PX4 is an open-source flight control stack for drones and other unmanned vehicles, used across commercial and military platforms. It runs in a safety-critical setting where a crashed flight-control task is itself a hazard, independent of any further exploitation. The vulnerability in versions prior to 1.17.0-rc2 sits in the BST telemetry driver's probe routine, the startup step in which the driver queries an attached BST device and reads back a device-information record, including the device name and its length (dev_name_len), for identification and diagnostics.

The flaw is in how the driver handles that device-provided length. After reading the name into a fixed-size stack buffer, the driver writes the string terminator at the index given by dev_name_len without first checking that the index lies inside the buffer. A malicious or faulty BST device that reports an oversized dev_name_len therefore causes a write past the end of the buffer into whatever the compiler placed after it on the stack. This is a textbook stack-based buffer overflow arising from trusting a length field supplied by an external peripheral.
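The pattern described in the summary and in the paragraph above, shown as an added example in C: a probe routine that takes the terminator index from a device-supplied length beside a hardened version that bound-checks first. This is illustrative code written for this page, not the PX4 driver's own source. The reply layout (one length byte followed by name bytes), the 16-byte buffer size, the capped copy in the vulnerable variant, and the 4-byte slot standing in for whatever follows the buffer on the stack are all assumptions; the simulated frame is a single array so the corruption is observable without the demo writing outside its own allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for the demonstration; the real driver's buffer layout is not on the page. */
#define DEV_NAME_MAX 16u                    /* on-stack name buffer */
#define FRAME_SIZE   (DEV_NAME_MAX + 4u)    /* name buffer + 4-byte slot that follows it */

/* Constructed device reply: one length byte, then the name bytes it claims to carry.
 * The real BST wire format is not described on the page; this shape is an assumption. */
struct dev_info_reply {
    uint8_t dev_name_len;
    uint8_t dev_name[255];
};

/* Simulated stack frame: the name buffer, immediately followed by a 4-byte slot
 * standing in for whatever the compiler placed after it (canary, saved registers,
 * return address). Keeping both in one array makes the overflow observable
 * without writing outside the program's own allocation. */
struct frame {
    uint8_t bytes[FRAME_SIZE];
};

static const uint32_t SLOT_MARKER = 0xDEADBEEFu;

static void frame_init(struct frame *f)
{
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + DEV_NAME_MAX, &SLOT_MARKER, sizeof SLOT_MARKER);
}

/* Returns 1 if the slot after the name buffer still holds its marker. */
static int frame_slot_intact(const struct frame *f)
{
    uint32_t v;
    memcpy(&v, f->bytes + DEV_NAME_MAX, sizeof v);
    return v == SLOT_MARKER;
}

/* Vulnerable pattern: the copy is capped (an assumption), but the terminator
 * index is taken straight from dev_name_len. A device reporting a length of
 * DEV_NAME_MAX or more places the '\0' beyond the buffer. */
static void probe_vulnerable(struct frame *f, const struct dev_info_reply *r)
{
    size_t len = r->dev_name_len;
    if (len >= FRAME_SIZE) {
        return;   /* demo guard only: keeps the write inside the simulated frame */
    }
    memcpy(f->bytes, r->dev_name, len < DEV_NAME_MAX ? len : DEV_NAME_MAX);
    f->bytes[len] = '\0';   /* BUG: no check that len < DEV_NAME_MAX */
}

/* Hardened form: bound-check before any use of the device-provided length,
 * reserving one byte for the terminator. Returns 0 on success, -1 if the
 * device reported an impossible length (treated as a faulty or hostile device). */
static int probe_hardened(struct frame *f, const struct dev_info_reply *r)
{
    size_t len = r->dev_name_len;
    if (len >= DEV_NAME_MAX) {
        return -1;
    }
    memcpy(f->bytes, r->dev_name, len);
    f->bytes[len] = '\0';
    return 0;
}

/* Builds a constructed reply with the given length, name filled with 'A'. */
static struct dev_info_reply make_reply(uint8_t len)
{
    struct dev_info_reply r;
    memset(&r, 0, sizeof r);
    r.dev_name_len = len;
    memset(r.dev_name, 'A', len);
    return r;
}

/* Runs both probes against a hostile reply (length 18 against a 16-byte buffer).
 * Returns 1 when the vulnerable probe corrupted the slot and the hardened
 * probe rejected the reply with the slot untouched. */
static int demo_oversized_reply(void)
{
    struct dev_info_reply hostile = make_reply(18);
    struct frame f;

    frame_init(&f);
    probe_vulnerable(&f, &hostile);
    int vulnerable_corrupted = !frame_slot_intact(&f);

    frame_init(&f);
    int rc = probe_hardened(&f, &hostile);
    int hardened_safe = (rc == -1) && frame_slot_intact(&f);

    return vulnerable_corrupted && hardened_safe;
}

int main(void)
{
    printf("oversized dev_name_len: vulnerable probe corrupts frame, hardened rejects: %s\n",
           demo_oversized_reply() ? "yes" : "no");
    return 0;
}
```

The hardened probe rejects rather than truncates: a length that cannot fit the buffer means the device is not behaving as the protocol expects, and failing the probe is safer than silently continuing with a peripheral that has already lied once. Note that the boundary case len == DEV_NAME_MAX is also an overflow, since the terminator needs its own byte.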

The most likely outcome is a crash of the driver task; the advisory also lists code execution within the autopilot as a possibility, since the overwritten stack contents can include control data. Either outcome matters on a vehicle in flight. The attack precondition is worth stating plainly: the hostile input comes from a BST device attached to the flight controller, so the attacker needs to supply or compromise that peripheral (physical access or the hardware supply chain), not a network path. Only PX4 builds prior to 1.17.0-rc2 that run the BST telemetry driver with such a device attached are exposed.

The fix is to update to 1.17.0-rc2 or later, which adds the missing bounds check on the device-provided name length. Operators should inventory their fleets for firmware older than that and, where an update cannot be applied immediately, avoid attaching BST devices of unknown provenance and treat the telemetry bus as a trust boundary rather than a trusted one. The weakness is classified as CWE-121 (stack-based buffer overflow). Beyond this single bug, the lesson for driver authors is that every length, count or offset read from a peripheral is attacker-controlled input and must be validated against the receiving buffer before use.

Responsible

GitHub M

Reservation

03/13/2026

Disclosure

03/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00034

KEV

no

Activities

very low
