VYPR

Px4 Autopilot

by Px4

Source repositories

CVEs (23)

  • CVE-2025-9020MedAug 15, 2025
    risk 0.29cvss 4.5epss 0.00

    A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument…

  • CVE-2025-5640LowJun 5, 2025
    risk 0.24cvss 3.3epss 0.01

    A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message…

  • CVE-2026-32743Mar 18, 2026
    risk 0.00cvss epss 0.00

    PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf…

  • CVE-2026-32724Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the…

  • CVE-2026-32713Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or…

  • CVE-2026-32709Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller…

  • CVE-2026-32708Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack…

  • CVE-2026-32707Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a…

  • CVE-2026-32706Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial…

  • CVE-2026-32705Mar 13, 2026
    risk 0.00cvss epss 0.00

    PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and…

  • CVE-2026-26741Mar 10, 2026
    risk 0.00cvss epss 0.00

    PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the…

  • CVE-2026-26742Mar 10, 2026
    risk 0.00cvss epss 0.00

    PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default…

  • CVE-2025-15150Dec 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer…

  • CVE-2024-38951Jun 25, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.

  • CVE-2024-38952Jun 25, 2024
    risk 0.00cvss epss 0.01

    PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.

  • CVE-2024-30800Apr 23, 2024
    risk 0.00cvss epss 0.00

    PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.

  • CVE-2024-30799Apr 22, 2024
    risk 0.00cvss epss 0.00

    An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function.

  • CVE-2024-29460Apr 10, 2024
    risk 0.00cvss epss 0.00

    An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.

  • CVE-2024-24254Feb 6, 2024
    risk 0.00cvss epss 0.00

    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.

  • CVE-2024-24255Feb 6, 2024
    risk 0.00cvss epss 0.00

    A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.

Page 1 of 2