CVE-2026-32706 in PX4-Autopilot
Summary
by MITRE • 03/16/2026
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/21/2026
The CVE-2026-32706 vulnerability affects the PX4 autopilot system, a widely used flight control solution for unmanned aerial vehicles. This critical memory corruption flaw exists in versions prior to 1.17.0-rc2 and specifically targets the CRSF (Crossfire Serial Protocol) receiver parser component. The vulnerability arises from improper bounds checking during packet processing, creating a classic buffer overflow condition that can be exploited by malicious actors with access to the serial communication channel. The affected system processes CRSF serial data through a global 64-byte buffer that lacks adequate size validation before copying variable-length packets, making it susceptible to memory corruption attacks.
The technical implementation of this vulnerability stems from the crsf_rc parser's failure to validate packet lengths against the fixed buffer size. When an attacker sends a malformed CRSF packet with a length exceeding 64 bytes, the system performs a direct copy operation into the global buffer without performing any bounds checking. This behavior directly violates fundamental security principles and creates a predictable memory corruption scenario. The vulnerability is particularly concerning because it operates at the serial communication level, where attackers can potentially inject malicious data through adjacent or raw serial interfaces. According to CWE-121, this represents a classic stack-based buffer overflow condition, while the operational impact aligns with ATT&CK technique T1059.007 for command and control through serial communication channels.
The operational impact of this vulnerability extends beyond simple system crashes, as it can potentially lead to complete system compromise and flight safety risks. In drone applications, where PX4 autopilot systems control critical flight operations, memory corruption could result in loss of control, unintended flight behavior, or complete system failure during critical flight phases. The vulnerability's exploitation requires only serial access to the CRSF port, making it particularly dangerous in environments where physical access to drone components is possible. This weakness creates a potential attack surface that could be leveraged by adversaries to disrupt operations, potentially causing damage to equipment or injury to personnel in the event of a controlled flight termination. The fix implemented in version 1.17.0-rc2 addresses the root cause by introducing proper bounds checking mechanisms to validate packet lengths before buffer operations, ensuring that no more data than the allocated buffer space is copied.
Organizations deploying PX4 autopilot systems should prioritize immediate upgrade to version 1.17.0-rc2 or later to mitigate this vulnerability. System administrators should also implement network segmentation and access controls to limit physical and serial interface access to authorized personnel only. Additional mitigations include monitoring serial communication for anomalous packet sizes and implementing intrusion detection systems specifically designed to identify CRSF protocol anomalies. The vulnerability highlights the importance of input validation in embedded systems and reinforces the need for robust buffer management practices in real-time flight control applications. Security teams should conduct thorough risk assessments of their drone fleet deployments to identify systems running vulnerable versions and ensure proper patch management protocols are in place to prevent exploitation of similar vulnerabilities in the future.