CVE-2026-32707

MEDIUM

PX4 autopilot <1.17.0-rc2 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32707. PoCs published by mbanyamer.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2026-32707, a stack-based buffer overflow in the PX4-Autopilot tattu_can driver. The exploit sends crafted CAN frames to trigger a DoS by corrupting the stack.

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.
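The description names the bug class (CWE-121: an unbounded memcpy inside a multi-frame assembly loop, fed by attacker-controlled CAN frames) without showing what that looks like in code. The block below is an added, constructed C illustration of the pattern and of its bounds-checked counterpart; it is not PX4 source and not the published PoC, and every name in it (struct frame, struct assembler, MSG_BUF_SIZE, assembler_push, run_sequence) is hypothetical. The sample frames are constructed in the code itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not PX4 code: a minimal reassembler that concatenates
 * the payloads of several CAN frames into one fixed-size message buffer.
 * All names are hypothetical. */

#define CAN_MAX_DLEN 8      /* classic CAN payload limit per frame */
#define MSG_BUF_SIZE 64     /* capacity of the fixed assembly buffer */

struct frame {
    uint8_t len;                  /* data length as received from the bus */
    uint8_t data[CAN_MAX_DLEN];
};

struct assembler {
    uint8_t buf[MSG_BUF_SIZE];    /* fixed buffer on the caller's stack (CWE-121) */
    size_t  used;                 /* bytes assembled so far */
};

/* Buggy pattern, shown for contrast only and never called below: the copy
 * length comes from the sender (f->len) and nothing compares it with the
 * capacity left in buf, so enough frames overrun the stack buffer. */
void assembler_push_unchecked(struct assembler *a, const struct frame *f)
{
    memcpy(a->buf + a->used, f->data, f->len);
    a->used += f->len;
}

/* Hardened pattern: validate the per-frame length and the remaining
 * capacity before copying. Returns 0 when the frame was appended, -1 when
 * it was rejected; on rejection the partial message is discarded so a
 * truncated payload is never handed to the consumer. */
int assembler_push(struct assembler *a, const struct frame *f)
{
    if (f->len > CAN_MAX_DLEN) {              /* malformed length field */
        a->used = 0;
        return -1;
    }
    if (f->len > MSG_BUF_SIZE - a->used) {    /* would overrun buf */
        a->used = 0;
        return -1;
    }
    memcpy(a->buf + a->used, f->data, f->len);
    a->used += f->len;
    return 0;
}

/* Feed a frame sequence through the hardened path. Returns the number of
 * rejected frames and reports how many bytes ended up assembled. */
size_t assemble(const struct frame *frames, size_t n, size_t *bytes_out)
{
    struct assembler a = { .used = 0 };
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (assembler_push(&a, &frames[i]) != 0)
            rejected++;
    }
    *bytes_out = a.used;
    return rejected;
}

/* Constructed input: nframes frames, each claiming dlc bytes of payload. */
size_t run_sequence(size_t nframes, uint8_t dlc, size_t *bytes_out)
{
    struct frame frames[16];
    if (nframes > 16)
        nframes = 16;
    for (size_t i = 0; i < nframes; i++) {
        frames[i].len = dlc;
        memset(frames[i].data, (int)(0xA0 + i), CAN_MAX_DLEN);
    }
    return assemble(frames, nframes, bytes_out);
}

/* Convenience wrappers so each result can be checked on its own. */
size_t rejected_count(size_t nframes, uint8_t dlc)
{
    size_t bytes;
    return run_sequence(nframes, dlc, &bytes);
}

size_t bytes_after(size_t nframes, uint8_t dlc)
{
    size_t bytes;
    run_sequence(nframes, dlc, &bytes);
    return bytes;
}

int main(void)
{
    /* 8 x 8 bytes fills the buffer exactly; a 9th frame must be refused. */
    printf("8 frames: rejected=%zu bytes=%zu\n", rejected_count(8, 8), bytes_after(8, 8));
    printf("9 frames: rejected=%zu bytes=%zu\n", rejected_count(9, 8), bytes_after(9, 8));
    printf("dlc 9:    rejected=%zu bytes=%zu\n", rejected_count(3, 9), bytes_after(3, 9));
    return 0;
}
```

The check `f->len > MSG_BUF_SIZE - a->used` is the one the description says is missing: it bounds every copy by what is left in the destination rather than by what the frame claims. Resetting `used` on rejection is a design choice for a safety-critical consumer (drop the whole message rather than deliver a truncated one); an alternative is to keep accumulating but drop only the offending frame.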

Exploits (1)

nomisec WORKING POC
by mbanyamer · poc
https://github.com/mbanyamer/CVE-2026-32707-PX4-Autopilot-tattu_can-Stack-Buffer-Overflow-DoS-

Classification
Working PoC 100%
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target: PX4-Autopilot versions ≤ 1.17.0-rc1
No auth needed
Prerequisites: Python 3 with python-can library · Linux with SocketCAN support · Root privileges (CAP_NET_RAW) · CAN interface (physical or virtual)
devstral-2 · analyzed May 08, 2026

Scores

CVSS v3 5.2
EPSS 0.0027
EPSS Percentile 18.4%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (3)
dronecode/px4_drone_autopilot 1.17.0 alpha1 (3 CPE variants)
dronecode/px4_drone_autopilot < 1.17.0
PX4/PX4-Autopilot < 1.17.0-rc2
Published Mar 16, 2026
Tracked Since Mar 16, 2026