{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T19:08:42.909","vulnerabilities":[{"cve":{"id":"CVE-2026-32724","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T14:19:43.203","lastModified":"2026-03-16T18:33:49.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1."},{"lang":"es","value":"El piloto automático PX4 es una solución de control de vuelo para drones. Previo a la versión 1.17.0-rc1, se detecta un uso después de liberación en el heap en la función MavlinkShell::available(). El problema es causado por una condición de carrera entre el hilo receptor de MAVLink (que gestiona la creación/destrucción del shell) y el hilo emisor de telemetría (que consulta el shell en busca de salida disponible). El problema puede ser activado remotamente a través de mensajes MAVLink SERIAL_CONTROL (ID 126), los cuales pueden ser enviados por una estación terrestre externa o un script automatizado. Esta vulnerabilidad está corregida en la versión 1.17.0-rc1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.0","matchCriteriaId":"2FC2D6F1-D77D-44C2-A99C-55CB5A4474B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"033A0A82-2986-44D5-A712-47B8D43407FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3F2EA96E-BC3A-42AB-B81B-53D5872B2296"}]}]}],"references":[{"url":"https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-j5w2-w79c-mqrw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}