{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T02:37:37.455","vulnerabilities":[{"cve":{"id":"CVE-2026-32707","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T14:19:41.783","lastModified":"2026-06-17T10:36:14.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2."},{"lang":"es","value":"El piloto automático PX4 es una solución de control de vuelo para drones. Antes de la versión 1.17.0-rc2, tattu_can contiene un memcpy sin límites en su bucle de ensamblaje de múltiples tramas, lo que permite la sobrescritura de memoria de pila cuando se procesan tramas CAN manipuladas. En implementaciones donde tattu_can está habilitado y en ejecución, un atacante capaz de inyectar CAN puede provocar un fallo (DoS) y corrupción de memoria. Esta vulnerabilidad está corregida en la versión 1.17.0-rc2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PX4","product":"PX4-Autopilot","versions":[{"version":"< 1.17.0-rc2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-17T15:33:44.296420Z","id":"CVE-2026-32707","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.0","matchCriteriaId":"2FC2D6F1-D77D-44C2-A99C-55CB5A4474B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"033A0A82-2986-44D5-A712-47B8D43407FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3F2EA96E-BC3A-42AB-B81B-53D5872B2296"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:rc1:*:*:*:*:*:*","matchCriteriaId":"1EAC5320-8D94-477D-AB85-144F8218DDFB"}]}]}],"references":[{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-wxwm-xmx9-hr32","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-wxwm-xmx9-hr32","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}