Security Advisory

CVE-2026-32705

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-13 21:15:55

Last updated 2026-03-17 16:03:00

Assigner GitHub_M

State PUBLISHED

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.

← Browse all CVEs View on cve.org ↗