CVE-2026-32743

MEDIUM

PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-32743. PoCs published by SimoesCTT, mbanyamer.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-32743, targeting a stack buffer overflow in PX4 Autopilot ≤1.17.0-rc2. The exploit uses a 33-layer temporal cascade to achieve a persistent DoS by leveraging MAVLink FTP directory creation and command injection.

Description

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses paths from the log list file with no width specifier, allowing a path longer than 60 characters to overflow the buffer. An attacker with MAVLink link access can trigger this by first creating deeply nested directories via MAVLink FTP, then requesting the log list. The flight controller MAVLink task crashes, losing telemetry and command capability and causing DoS. This issue has been fixed in this commit: https://github.com/PX4/PX4-Autopilot/commit/616b25a280e229c24d5cf12a03dbf248df89c474.

Exploits (2)

nomisec WORKING POC
by SimoesCTT · poc
https://github.com/SimoesCTT/CTT-Enhanced-PX4-Autopilot-Exploit-CVE-2026-32743

This repository contains a functional exploit for CVE-2026-32743, targeting a stack buffer overflow in PX4 Autopilot ≤1.17.0-rc2. The exploit uses a 33-layer temporal cascade to achieve a persistent DoS by leveraging MAVLink FTP directory creation and command injection.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Complex
Reliability
Reliable
Target: PX4 Autopilot ≤1.17.0-rc2
No auth needed
Prerequisites: Network access to the target drone's MAVLink port (UDP 14550) · PX4 Autopilot version ≤1.17.0-rc2
devstral-2 · analyzed May 09, 2026 Full analysis →
nomisec WORKING POC
by mbanyamer · poc
https://github.com/mbanyamer/CVE-2026-32743-PX4-Autopilot-MavlinkLogHandler-Stack-Buffer-Overflow-DoS-

This repository contains a functional Python exploit for CVE-2026-32743, a stack-based buffer overflow in PX4 Autopilot's MavlinkLogHandler. The exploit leverages MAVLink FTP to create a long directory path, triggering a crash when the log list is requested.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PX4 Autopilot ≤1.17.0-rc2
No auth needed
Prerequisites: MAVLink FTP enabled · Network access to MAVLink UDP port (default 14550) · Target running PX4 ≤1.17.0-rc2 with SD card mounted
devstral-2 · analyzed May 09, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 28.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (3)
dronecode/px4_drone_autopilot 1.17.0 alpha1 (4 CPE variants)
dronecode/px4_drone_autopilot < 1.17.0
PX4/PX4-Autopilot <= 1.17.0-rc2
Published Mar 19, 2026
Tracked Since Mar 19, 2026