CVE-2026-32709

MEDIUM

5.4

Descripcion

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.

Detalles CVE

Puntuacion CVSS v3.15.4

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado3/16/2026

Ultima modificacion3/16/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

dronecode:px4_drone_autopilot

Debilidades (CWE)

CWE-22

Referencias

https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-fh32-qxj9-x32f(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.