CVE-2026-32743
Received Received - Intake
Stack-Based Buffer Overflow in PX4 MavlinkLogHandler Causes DoS

Publication date: 2026-03-19

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses paths from the log list file with no width specifier, allowing a path longer than 60 characters to overflow the buffer. An attacker with MAVLink link access can trigger this by first creating deeply nested directories via MAVLink FTP, then requesting the log list. The flight controller MAVLink task crashes, losing telemetry and command capability and causing DoS. This issue has been fixed in this commit: https://github.com/PX4/PX4-Autopilot/commit/616b25a280e229c24d5cf12a03dbf248df89c474.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32743
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
dronecode px4_drone_autopilot to 1.17.0 (exc)
dronecode px4_drone_autopilot 1.17.0
dronecode px4_drone_autopilot 1.17.0
dronecode px4_drone_autopilot 1.17.0
dronecode px4_drone_autopilot 1.17.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32743 is a stack-based buffer overflow vulnerability in the PX4 autopilot software, specifically in the MavlinkLogHandler component. The issue occurs because the LogEntry.filepath buffer is only 60 bytes, but the sscanf function used to parse file paths from the log list does not limit the input length. This allows an attacker to overflow the buffer by providing a file path longer than 60 characters.'}, {'type': 'paragraph', 'content': "An attacker with access to the MAVLink communication link can exploit this by creating deeply nested directories via MAVLink FTP, resulting in long file paths. When a log list request is made, the overly long paths cause a stack buffer overflow, crashing the flight controller's MAVLink task."}, {'type': 'paragraph', 'content': 'This vulnerability has been fixed by increasing the buffer size to PX4_MAX_FILEPATH (256 bytes), adding width specifiers to sscanf calls to limit input length, and adding compile-time checks to prevent future overflows.'}] [1, 2]

Impact Analysis

This vulnerability can cause a denial of service (DoS) condition on affected PX4 autopilot systems. When exploited, the MAVLink task on the flight controller crashes, resulting in loss of telemetry and command capabilities.

The loss of telemetry and command control can lead to unexpected drone behavior, potentially causing mission failure or unsafe situations during drone operation.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for crashes or denial of service conditions in the PX4 autopilot's MAVLink task, especially after receiving MAVLink log list requests.

Since the vulnerability is triggered by MAVLink log requests with deeply nested directories or file paths longer than 60 characters, detection can involve checking for unusually long file paths in MAVLink FTP or suspicious MAV_CMD_LOG_REQUEST_LIST commands.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include updating the PX4 autopilot software to a version that includes the fix for CVE-2026-32743.

The fix involves increasing the size of the LogEntry.filepath buffer and adding width specifiers to sscanf calls to prevent buffer overflow.

Until the update can be applied, restrict or monitor MAVLink FTP access to prevent attackers from creating deeply nested directories or sending malicious MAV_CMD_LOG_REQUEST_LIST commands.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32743. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart