CVE-2026-32707 PUBLISHED

PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

Assigner: GitHub_M
Reserved: 13.03.2026 Published: 13.03.2026 Updated: 13.03.2026

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS Score: 5.2

Attack Vector	Physical	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	PX4
Product	PX4-Autopilot
Versions	Version < 1.17.0-rc2 is affected

References

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-wxwm-xmx9-hr32

Problem Types

CWE-121: Stack-based Buffer Overflow CWE