Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

PX4 — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting PX4. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PX4 is an open-source flight control software for unmanned aerial vehicles, enabling autonomous flight operations across various industries. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the 14 recorded CVEs highlight ongoing security concerns, particularly in network communication components and web interfaces. The software's modular architecture and extensive third-party integrations introduce additional attack surfaces, requiring rigorous hardening measures for deployment in security-sensitive environments.

Top products by PX4: PX4-Autopilot MAVLink Autopilot
CVE IDTitleCVSSSeverityPublished
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function — AutopilotCWE-306 9.8 Critical2026-03-31
CVE-2026-32743 PX4 Autopilot: Stack-based Buffer Overflow via Oversized Path Input in MAVLink Log Request Handling — PX4-AutopilotCWE-121 6.5 Medium2026-03-18
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition — PX4-AutopilotCWE-416 5.3 Medium2026-03-13
CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors — PX4-AutopilotCWE-670 4.3 Medium2026-03-13
CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete) — PX4-AutopilotCWE-22 5.4 Medium2026-03-13
CVE-2026-32708 Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot) — PX4-AutopilotCWE-121 7.8 High2026-03-13
CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop — PX4-AutopilotCWE-121 5.2 Medium2026-03-13
CVE-2026-32706 PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet — PX4-AutopilotCWE-120 7.1 High2026-03-13
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer — PX4-AutopilotCWE-121 6.8 Medium2026-03-13
CVE-2025-15150 PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow — PX4-AutopilotCWE-121 5.3 Medium2025-12-28
CVE-2025-9020 PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free — PX4-AutopilotCWE-416 4.5 Medium2025-08-15
CVE-2023-47625 Global Buffer Overflow leading to denial of service in PX4-Autopilot — PX4-AutopilotCWE-120 2.9 Low2023-11-13
CVE-2023-46256 PX4-Autopilot Heap Buffer Overflow Bug — PX4-AutopilotCWE-122 4.4 Medium2023-10-31
CVE-2020-10283 RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication — MAVLinkCWE-288 9.8 -2020-08-20

This page lists every published CVE security advisory associated with PX4. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.