CVE-2026-32724
PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1.
| CWE | CWE-416 |
| Vendor | px4 |
| Product | px4-autopilot |
| Published | Mar 13, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for px4 px4-autopilot
Be the first to know when new medium vulnerabilities affecting px4 px4-autopilot are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
PX4 / PX4-Autopilot
< 1.17.0-rc1