CVE-2026-32709
Undergoing Analysis - In Progress
Path Traversal in PX4 Autopilot MAVLink FTP Enables Arbitrary File Access

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: GitHub, Inc.

Description
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, an unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.
Meta Information
Published: 2026-03-16
Last Modified: 2026-03-16
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (4 associated CPEs)
Vendor      Product              Version / Range
dronecode   px4_drone_autopilot  up to 1.17.0 (excluding)
dronecode   px4_drone_autopilot  1.17.0
dronecode   px4_drone_autopilot  1.17.0
dronecode   px4_drone_autopilot  1.17.0
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32709 is an unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation affecting versions prior to 1.17.0-rc2.

This flaw allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without any authentication.

On NuttX targets, the FTP root directory is an empty string, so attacker-supplied file paths are used directly in filesystem calls without any prefix or sanitization, enabling traversal outside intended directories.

On POSIX targets (Linux companion computers, SITL), the write-path validation function always returns true, disabling any write-path protection.

Additionally, a time-of-check-to-time-of-use (TOCTOU) race condition on NuttX allows bypassing the only existing write validation guard.

No authentication is required to exploit this vulnerability, meaning any system with matching or broadcast target IDs can perform these unauthorized file operations.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized reading of sensitive files such as configuration files, logs, cryptographic keys, and parameters.

Attackers can create or modify arbitrary files, potentially planting malicious scripts, overwriting firmware, or tampering with configuration.

It also allows deletion of files, which can be used to cover tracks or cause system instability.

Exfiltration of mission plans, geofence data, and flight logs is possible.

Physical safety risks include loss of vehicle control, crashes, or bypassing geofences, which can have serious consequences.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring MAVLink FTP traffic for unauthorized or suspicious file operations such as reading, writing, creating, deleting, or renaming files without authentication.

Since the vulnerability allows arbitrary file access via path traversal, monitoring for requests that attempt to access files outside the expected FTP root directory (e.g., paths containing ../../) can help detect exploitation attempts.

On NuttX targets, attempts to read sensitive files such as /proc/version via MAVLink FTP commands could indicate exploitation.

On POSIX targets, attempts to write files outside the intended directory (e.g., ../../tmp/pwned) via MAVLink FTP commands can be a sign of exploitation.

Network monitoring tools can be used to capture MAVLink FTP packets and inspect for path traversal patterns or unauthorized file operations.

Specific commands depend on the MAVLink interface and tools available, but generally, capturing MAVLink FTP traffic and analyzing file operation commands for suspicious paths is recommended.
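As an added illustration of the monitoring described above (this is not code from the PX4 project or from this advisory), the following Python decodes a MAVLink FTP request payload and flags any path that uses '..' or resolves outside a confinement root. It assumes the 12-byte MAVLink FTP header layout from the protocol specification, an assumed root of /fs/microsd, and uses constructed sample payloads rather than real captures.

```python
import posixpath
import struct

# MAVLink FTP payload header (12 bytes, little-endian) as given in the MAVLink FTP
# protocol spec: seq u16, session u8, opcode u8, size u8, req_opcode u8,
# burst_complete u8, padding u8, offset u32; up to 239 data bytes follow.
HEADER = struct.Struct("<HBBBBBBI")
OPCODES = {3: "ListDirectory", 4: "OpenFileRO", 6: "CreateFile", 8: "RemoveFile",
           9: "CreateDirectory", 10: "RemoveDirectory", 11: "OpenFileWO",
           12: "TruncateFile", 13: "Rename", 14: "CalcFileCRC32"}
WRITE_OPCODES = {6, 8, 9, 10, 11, 12, 13}  # requests that change the filesystem
FTP_ROOT = "/fs/microsd"  # assumed confinement root; adjust to your deployment

def parse_ftp_payload(payload: bytes):
    """Return (opcode, [paths]) from a FILE_TRANSFER_PROTOCOL payload."""
    _seq, _session, opcode, size, *_rest = HEADER.unpack_from(payload)
    data = payload[HEADER.size:HEADER.size + size]
    # Path-carrying opcodes put NUL-terminated strings in data (Rename carries two).
    paths = [p.decode("utf-8", "replace") for p in data.split(b"\0") if p]
    return opcode, (paths if opcode in OPCODES else [])

def escapes_root(path: str, root: str = FTP_ROOT) -> bool:
    """True if the request uses '..' or would resolve outside root."""
    if ".." in path.split("/"):
        return True  # a dot-dot segment has no legitimate use in an FTP request
    # posixpath.join drops root for absolute paths, exactly what a server with an
    # empty root does, so an absolute path outside root is caught here as well.
    resolved = posixpath.normpath(posixpath.join(root, path))
    return resolved != root and not resolved.startswith(root + "/")

def inspect_ftp_payload(payload: bytes, root: str = FTP_ROOT) -> dict:
    """Decode one request and report whether it should be alerted on."""
    opcode, paths = parse_ftp_payload(payload)
    return {"op": OPCODES.get(opcode, f"opcode_{opcode}"),
            "write": opcode in WRITE_OPCODES, "paths": paths,
            "suspicious": any(escapes_root(p, root) for p in paths)}

def sample_payload(opcode: int, *paths: str) -> bytes:
    """Constructed test input for the detector: one FTP request, not a real capture."""
    data = b"".join(p.encode() + b"\0" for p in paths)
    hdr = HEADER.pack(0, 0, opcode, len(data), 0, 0, 0, 0)
    return (hdr + data).ljust(251, b"\0")  # FILE_TRANSFER_PROTOCOL payload is 251 bytes

if __name__ == "__main__":
    for pl in (sample_payload(4, "log/2026-03-16.ulg"),         # benign read under root
               sample_payload(4, "/proc/version"),              # absolute path outside root
               sample_payload(11, "../../tmp/pwned"),           # traversal on a write
               sample_payload(13, "log/a.ulg", "../../etc/x")):  # rename target escapes
        print(inspect_ftp_payload(pl))
```

In a real deployment the payload bytes would come from the FILE_TRANSFER_PROTOCOL message in a captured MAVLink stream, and a suspicious result with "write" set is the higher-priority alert.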


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the PX4 Autopilot software to version 1.17.0-rc2 or later, where this vulnerability is fixed.

Until the upgrade can be applied, restrict network access to the MAVLink FTP service to trusted systems only, minimizing exposure to untrusted MAVLink peers.

Implement network-level controls such as firewall rules or segmentation to limit access to the MAVLink interface.

Monitor MAVLink FTP traffic for suspicious file operations and unauthorized access attempts.

Consider disabling or restricting MAVLink FTP functionality if it is not required for your operations.

