CVE-2026-32707 in PX4-Autopilot

Summary

by MITRE • 03/16/2026

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

Analysis

by VulDB Data Team • 03/21/2026

The PX4 autopilot system represents a critical component in unmanned aerial vehicle control architectures, serving as the primary flight control solution for drone operations across various commercial and military applications. This sophisticated software framework manages complex flight dynamics and system integration through multiple interconnected modules, with tattu_can being one of the specialized components responsible for handling CAN (Controller Area Network) communication protocols. The vulnerability resides within this specific module's implementation, which processes multi-frame CAN data sequences essential for vehicle communication with external systems. The tattu_can module operates in environments where reliable and secure communication is paramount, particularly in scenarios involving autonomous flight operations where system stability directly impacts safety outcomes.

The technical flaw manifests as an unbounded memcpy operation within the multi-frame assembly loop of tattu_can, representing a classic buffer overflow vulnerability pattern that falls under CWE-121, which specifically addresses stack-based buffer overflow conditions. This implementation error occurs when the system processes crafted CAN frames that exceed the allocated stack buffer boundaries, allowing malicious actors to overwrite adjacent memory locations with arbitrary data. The vulnerability is particularly concerning because it operates at the kernel level within the autopilot's communication stack, where memory corruption can lead to unpredictable system behavior. The memcpy function lacks proper bounds checking mechanisms, enabling attackers to craft CAN frames with oversized payloads that will overwrite stack memory locations, potentially including return addresses, function pointers, or other critical control structures.

The operational impact of this vulnerability extends beyond simple denial-of-service conditions, as the memory corruption can potentially be exploited to achieve arbitrary code execution within the autopilot system. Attackers capable of injecting CAN frames into the vehicle's communication network can trigger system crashes and destabilize flight control operations, potentially leading to complete loss of vehicle control. This vulnerability affects deployments where tattu_can is enabled and actively running, which includes many commercial drone systems, industrial automation platforms, and military unmanned systems. The attack surface is particularly concerning in environments where vehicles operate in close proximity to other networked systems, as CAN injection capabilities can be achieved through various means including compromised ground stations, malicious network nodes, or physical proximity attacks targeting vehicle communication interfaces.

Mitigation strategies for this vulnerability require immediate software updates to version 1.17.0-rc2 or later, which includes proper bounds checking mechanisms within the tattu_can module's memory handling routines. System administrators and operators should implement comprehensive network monitoring to detect unusual CAN frame patterns that may indicate exploitation attempts. The fix addresses the root cause by implementing proper buffer size validation before memory copying operations, preventing the overwrite conditions that previously enabled both crash and potential code execution scenarios. Organizations should also consider implementing CAN frame filtering mechanisms and network segmentation to limit the attack surface available to potential adversaries. This vulnerability demonstrates the critical importance of secure coding practices in embedded flight control systems, where memory safety violations can have catastrophic consequences for both system integrity and public safety. The remediation process requires careful testing to ensure that legitimate multi-frame CAN communications continue to function properly while preventing the exploitation vectors that previously existed in the codebase.
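The buffer size validation described above, sketched as an added example; this is not PX4 or tattu_can source code. The frame layout, the names (`can_frame_ex`, `assemble_bounded`, `demo_run`) and the 48-byte destination size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types for illustration; not PX4's tattu_can structures. */
#define CAN_MAX_DLC  8u   /* classic CAN payload limit */
#define MSG_CAPACITY 48u  /* assumed size of the stack destination buffer */
struct can_frame_ex {
    uint8_t len;              /* payload length claimed by the frame */
    uint8_t end_of_transfer;  /* nonzero on the last frame of a message */
    uint8_t data[CAN_MAX_DLC];
};
enum asm_status { ASM_OK = 0, ASM_BAD_LEN = -1, ASM_OVERFLOW = -2, ASM_INCOMPLETE = -3 };

/* Assemble frame payloads into dst, checking every length before memcpy.
 * An unbounded loop omits both checks and trusts the sender's frame count. */
int assemble_bounded(const struct can_frame_ex *frames, size_t n_frames,
                     uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    size_t offset = 0;
    for (size_t i = 0; i < n_frames; i++) {
        size_t chunk = frames[i].len;
        if (chunk > CAN_MAX_DLC) return ASM_BAD_LEN;         /* length field out of range */
        if (chunk > dst_cap - offset) return ASM_OVERFLOW;   /* offset <= dst_cap, no wraparound */
        memcpy(dst + offset, frames[i].data, chunk);
        offset += chunk;
        if (frames[i].end_of_transfer) { *out_len = offset; return ASM_OK; }
    }
    return ASM_INCOMPLETE;  /* transfer never terminated; discard partial data */
}

/* Constructed input: n frames claiming claimed_len bytes each, last one ends
 * the transfer. Returns the assembled size on success, else an asm_status. */
int demo_run(size_t n, uint8_t claimed_len)
{
    struct can_frame_ex frames[16] = {0};
    uint8_t msg[MSG_CAPACITY];
    size_t got = 0;
    if (n == 0 || n > 16) return ASM_INCOMPLETE;
    for (size_t i = 0; i < n; i++) {
        frames[i].len = claimed_len;
        memset(frames[i].data, 0xA5, CAN_MAX_DLC);
    }
    frames[n - 1].end_of_transfer = 1;
    int rc = assemble_bounded(frames, n, msg, sizeof msg, &got);
    return rc == ASM_OK ? (int)got : rc;
}
```

A rejected transfer is a useful signal for the CAN monitoring recommended above, since well-formed senders should never produce one.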

Responsible: GitHub M
Reservation: 03/13/2026
Disclosure: 03/16/2026
Moderation: accepted
CPE: ready
EPSS: 0.00009
KEV: no
Activities: very low
