CVE-2026-32708 HIGH

CVE-2026-32708: Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)

Vendor Px4
Product PX4-Autopilot
Weakness CWE-121
Published March 13, 2026
Last update March 17, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber sizes a stack-allocated variable-length array (VLA) directly from the incoming payload length, with no upper bound. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.
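
The weakness class described above (CWE-121 through a VLA sized by the sender), shown beside a bounded handler. This is an added illustration, not PX4 or Zenoh source code; the function names, the consume() stand-in and the 512-byte cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap for this example: largest serialized sample the bridge accepts. */
#define MAX_SAMPLE_LEN 512u

/* Hypothetical stand-in for handing the sample on; returns a byte sum. */
static uint32_t consume(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += buf[i];
    return sum;
}

/* Vulnerable pattern: a peer-controlled length sizes a stack VLA. */
int handle_sample_unbounded(const uint8_t *payload, size_t len, uint32_t *out)
{
    uint8_t tmp[len ? len : 1];   /* stack use grows with the sender's length */
    memcpy(tmp, payload, len);
    *out = consume(tmp, len);
    return 0;
}

/* Hardened pattern: fixed buffer, length validated before any copy. */
int handle_sample_bounded(const uint8_t *payload, size_t len, uint32_t *out)
{
    uint8_t tmp[MAX_SAMPLE_LEN];

    if (payload == NULL || out == NULL || len == 0 || len > sizeof(tmp)) {
        return -1;                /* reject: caller drops the sample */
    }
    memcpy(tmp, payload, len);
    *out = consume(tmp, len);
    return 0;
}

int main(void)
{
    static uint8_t big[MAX_SAMPLE_LEN + 1];  /* constructed oversized sample */
    const uint8_t small[4] = {1, 2, 3, 4};   /* constructed valid sample */
    uint32_t sum = 0;

    printf("valid: %d\n", handle_sample_bounded(small, sizeof small, &sum));
    printf("oversized: %d\n", handle_sample_bounded(big, sizeof big, &sum));
    return 0;
}
```

Building with -Wvla (GCC and Clang) flags every variable-length array, which makes this pattern easy to catch in review or CI.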

Key dates

02 Disclosure timeline

March 13, 2026 CVE published
March 17, 2026 Record updated