PT-2026-25388 · Px4+2 · Px4-Autopilot+1
Enitmar
+1
·
Published
2026-03-13
·
Updated
2026-03-16
·
CVE-2026-32705
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PX4 autopilot versions prior to 1.17.0-rc2
Description
PX4 autopilot is a flight control solution for drones. The BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized
dev name len, causing a stack overflow in the driver and potentially enabling code execution.Recommendations
Update to version 1.17.0-rc2 or later.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Px4-Autopilot
Px4 Drone Autopilot