PT-2026-25390 · Px4+2 · Px4-Autopilot+1

Kmm2003 · Published 2026-03-13 · Updated 2026-03-23 · CVE-2026-32707

CVSS v3.1: 6.1 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PX4 autopilot versions prior to 1.17.0-rc2

Description

PX4 autopilot is a flight control solution for drones. The tattu_can component contains an unbounded memcpy call within its multi-frame assembly loop. This allows stack memory to be overwritten when specifically crafted CAN frames are processed. If tattu_can is enabled and running, an attacker capable of CAN injection can cause a crash (Denial of Service) and memory corruption.

Recommendations

Versions prior to 1.17.0-rc2 should be updated to version 1.17.0-rc2 or later.
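
The kind of bounds check a multi-frame assembly loop needs before each memcpy, as an added example; this is not PX4's code and not part of the advisory. The frame layout, MSG_MAX, assemble() and run_frames() are hypothetical, and the frames are constructed test input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSG_MAX 48  /* hypothetical size of the fixed reassembly buffer */

typedef struct {    /* hypothetical frame layout, not PX4's */
    uint8_t data[8];
    uint8_t len;    /* claimed payload length, set by whoever sent the frame */
    uint8_t last;   /* 1 on the final frame of a transfer */
} can_frame_t;
typedef enum { ASM_OK = 0, ASM_BAD_LEN = -1, ASM_TOO_LONG = -2, ASM_INCOMPLETE = -3 } asm_status_t;

/* Append each frame's payload to out[MSG_MAX]; every copy is checked first. */
asm_status_t assemble(const can_frame_t *frames, size_t n, uint8_t *out, size_t *out_len)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        const can_frame_t *f = &frames[i];
        if (f->len > sizeof f->data) return ASM_BAD_LEN;  /* more than a frame holds */
        if (f->len > MSG_MAX - off) return ASM_TOO_LONG;  /* would pass end of out[] */
        memcpy(out + off, f->data, f->len);
        off += f->len;
        if (f->last) { *out_len = off; return ASM_OK; }
    }
    return ASM_INCOMPLETE;  /* ran out of frames before the final one */
}

/* Constructed input: `count` (max 16) frames of `len` bytes, the final one flagged.
   Returns the assemble() status, or 1 if the guard bytes behind the buffer changed. */
int run_frames(size_t count, uint8_t len)
{
    can_frame_t frames[16] = {0};
    struct { uint8_t msg[MSG_MAX]; uint8_t guard[8]; } s;
    size_t got = 0;
    if (count > 16) count = 16;
    memset(&s, 0xA5, sizeof s);
    for (size_t i = 0; i < count; i++) {
        memset(frames[i].data, (int)i, sizeof frames[i].data);
        frames[i].len = len;
        frames[i].last = (i + 1 == count);
    }
    int st = assemble(frames, count, s.msg, &got);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0xA5) return 1;
    return st;
}

int main(void) { return run_frames(7, 8) == ASM_TOO_LONG ? 0 : 1; }
```

Without the second check the loop keeps copying for as long as frames arrive, so the sender rather than the receiver decides how much is written into the fixed-size buffer.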

Exploit

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-32707
GHSA-WXWM-XMX9-HR32

Affected Products

Px4-Autopilot
Px4 Drone Autopilot