Stack Overflow Vulnerability in PX4 Autopilot Drone Control Solution
CVE-2026-32708

7.8HIGH

Key Information:

Vendor: Px4
Status: Px4-autopilot
Vendor: CVE Published:; 13 March 2026

What is CVE-2026-32708?

The PX4 autopilot, renowned for its flight control capabilities in drone technology, is vulnerable to a stack overflow issue caused by unbounded stack allocation in the Zenoh uORB subscriber. The flaw arises when a remote Zenoh publisher sends oversized fragmented messages, leading to a potential crash of the Zenoh bridge task. This vulnerability has been addressed in version 1.17.0-rc2, reinforcing the importance of software updates for maintaining robust aviation safety.

Affected Version(s)

PX4-Autopilot < 1.17.0-rc2

References

https://github.com/PX4/PX4-Autopilot/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Mar 13, 2026

CVE-2026-32708 Data

JSON

Px4

What is CVE-2026-32708?

Affected Version(s)

References

CVSS V3.1

Timeline