CVE-2026-32724

Source
https://cve.org/CVERecord?id=CVE-2026-32724
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32724.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32724
Aliases
  • GHSA-j5w2-w79c-mqrw
Published
2026-03-13T21:39:19.207Z
Modified
2026-04-10T05:42:27.491892Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
Details

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is remotely triggerable via MAVLink SERIAL_CONTROL messages (ID 126), which can be sent by an external ground station or automated script. This vulnerability is fixed in 1.17.0-rc1.

Database specific
{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32724.json"
}
References

Affected packages

Git / github.com/px4/px4-autopilot

Affected ranges

Type
GIT
Repo
https://github.com/px4/px4-autopilot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.0beta2
v1.0.0rc10
v1.0.0rc12
v1.0.0rc7
v1.0.0rc8
v1.0.0rc9
v1.1.0beta1
v1.1.0beta3
v1.1.1
v1.1.2
v1.1.3
v1.10.0-beta1
v1.10.0-beta2
v1.10.0-beta3
v1.10.0-beta4
v1.11.0-beta1
v1.11.0-beta2
v1.11.0-rc1
v1.11.0-rc2
v1.11.0-rc3
v1.12.0
v1.12.0-beta2
v1.12.0-beta3
v1.12.0-beta4
v1.12.0-beta5
v1.12.0-beta6
v1.12.0-rc1
v1.13.0-alpha1
v1.13.0-beta1
v1.14.0-beta1
v1.14.0-beta2
v1.15.0-alpha1
v1.15.0-beta1
v1.16.0-alpha1
v1.16.0-alpha2
v1.16.0-beta1
v1.16.0-rc1
v1.17.0-alpha1
v1.17.0-beta1
v1.3.0rc1
v1.3.0rc2
v1.3.0rc3
v1.3.2
v1.4.0rc1
v1.4.0rc2
v1.4.0rc3
v1.4.0rc4
v1.4.1
v1.4.1rc1
v1.4.1rc2
v1.4.1rc3
v1.4.1rc4
v1.4.2
v1.4.3
v1.4.4rc1
v1.5.0
v1.5.1
v1.5.1rc2
v1.5.1rc3
v1.5.1rc4
v1.5.2
v1.6.0-rc2
v1.6.0-rc3
v1.6.0-rc4
v1.6.0rc1
v1.6.2
v1.6.4
v1.6.5
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.1
v1.7.2
v1.7.3
v1.7.3beta
v1.7.4beta
v1.8.0
v1.8.0-beta1
v1.8.0-beta2
v1.8.0-rc0
v1.9.0
v1.9.0-alpha
v1.9.0-beta1
v1.9.0-beta2
v1.9.0-beta3
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32724.json"