CVE-2026-32708
HIGHPX4 Autopilot < 1.17.0-rc2 - Stack-based Buffer Overflow via Zenoh uORB Subscriber
Title source: llmDescription
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-69g4-hcqf-j45p
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (3)
dronecode/px4_drone_autopilot
1.17.0 alpha1 (3 CPE variants)
dronecode/px4_drone_autopilot
< 1.17.0
PX4/PX4-Autopilot
< 1.17.0-rc2
Published
Mar 16, 2026
Tracked Since
Mar 16, 2026