{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:40:18.615","vulnerabilities":[{"cve":{"id":"CVE-2026-32713","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T14:19:42.313","lastModified":"2026-03-16T19:00:42.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors. This enables an unauthenticated attacker to put the FTP subsystem into an inconsistent state, trigger operations on invalid file descriptors, and bypass session isolation checks. This vulnerability is fixed in 1.17.0-rc2."},{"lang":"es","value":"El piloto automático PX4 es una solución de control de vuelo para drones. Antes de la versión 1.17.0-rc2, un error de lógica en la validación de sesión FTP MAVLink del piloto automático PX4 utiliza lógica booleana incorrecta (&& en lugar de ||), permitiendo que las operaciones BurstReadFile y WriteFile procedan con sesiones inválidas o descriptores de archivo cerrados. Esto permite a un atacante no autenticado poner el subsistema FTP en un estado inconsistente, activar operaciones en descriptores de archivo inválidos y eludir las comprobaciones de aislamiento de sesión. Esta vulnerabilidad está corregida en la versión 1.17.0-rc2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-670"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.0","matchCriteriaId":"2FC2D6F1-D77D-44C2-A99C-55CB5A4474B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"033A0A82-2986-44D5-A712-47B8D43407FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3F2EA96E-BC3A-42AB-B81B-53D5872B2296"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:rc1:*:*:*:*:*:*","matchCriteriaId":"1EAC5320-8D94-477D-AB85-144F8218DDFB"}]}]}],"references":[{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-pp2c-jr5g-6f2m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}