top of page
perceptive_background_267k.jpg

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload l…

Published:

15 March 2026 at 23:00:00

Alert date:

16 March 2026 at 21:03:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

PX4 autopilot flight control solution for drones contains a stack overflow vulnerability in versions prior to 1.17.0-rc2. The Zenoh uORB subscriber allocates a stack VLA directly from incoming payload length without bounds checking. Remote attackers can exploit this by sending oversized fragmented messages through a Zenoh publisher. This causes unbounded stack allocation and copy operations, leading to stack overflow and crash of the Zenoh bridge task. The vulnerability allows remote denial of service attacks against drone flight control systems. Fixed in version 1.17.0-rc2.

Technical details

Mitigation steps:

Affected products:

PX4 Autopilot

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-32708
https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-69g4-hcqf-j45p

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page