CVE-2026-32709

MEDIUM EPSS 37.6%
Published Mar 16, 20263mo ago · Modified Jun 17, 20262w ago
6.8 CVSS 3.1
Medium
Find Similar
Published Mar 16, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.

CVSS Details

Base Score
6.8
Exploitability
1.6
Impact
5.2
Vector string
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Adjacent
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
37.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 4

VendorProductVersionRange
dronecodepx4_drone_autopilot* <1.17.0
dronecodepx4_drone_autopilot1.17.0any
dronecodepx4_drone_autopilot1.17.0any
dronecodepx4_drone_autopilot1.17.0any

References 1

  • github.com https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-fh32-qxj9-x32f
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.