CVE-2026-32706
Buffer Overflow in PX4 crsf_rc Parser Causes Crash
Publication date: 2026-03-16
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dronecode | px4_drone_autopilot | to 1.17.0 (exc) |
| dronecode | px4_drone_autopilot | 1.17.0 |
| dronecode | px4_drone_autopilot | 1.17.0 |
| dronecode | px4_drone_autopilot | 1.17.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-32706 vulnerability is a global buffer overflow in the crsf_rc parser of the PX4 autopilot software, affecting versions prior to 1.17.0-rc2.
The issue occurs because the parser accepts an oversized variable-length known packet and copies it into a fixed-size 64-byte global buffer without checking if the packet size exceeds the buffer size.
This unchecked copy leads to memory corruption, which can cause the PX4 autopilot software to crash.
An attacker with access to the CRSF serial port, such as a malicious device on the same serial line, can exploit this by sending crafted oversized packets to trigger the overflow.
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service by crashing the PX4 autopilot software, which controls drone flight.
An attacker with adjacent access to the CRSF serial port can exploit this to cause memory corruption and crash the system.
The impact includes potential loss of control or interruption of drone operations, which could have safety and operational consequences.
The vulnerability has a high severity score (CVSS 7.1) mainly due to its availability impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or memory corruption events in the PX4 autopilot software when the crsf_rc parser is enabled on a CRSF serial port.
A proof-of-concept environment exists that uses a Docker-based setup to build a PX4 SITL binary with AddressSanitizer (ASAN), runs the PX4 daemon and crsf_rc module against a PTY-backed serial device, injects crafted oversized packets, and confirms the overflow via ASAN crash logs.
While no specific commands are provided, detection involves running PX4 with ASAN enabled and injecting oversized CRSF packets to observe crashes or memory corruption.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade PX4 autopilot software to version 1.17.0-rc2 or later, where this vulnerability has been fixed.
Additionally, restrict access to the CRSF serial port to trusted devices only, preventing adjacent attackers from injecting malicious oversized packets.