CVE-2026-32713— PX4-Autopilot 安全漏洞

PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors. This enables an unauthenticated attacker to put the FTP subsystem into an inconsistent state, trigger operations on invalid file descriptors, and bypass session isolation checks. This vulnerability is fixed in 1.17.0-rc2.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

控制流实现总是不正确

PX4-Autopilot 安全漏洞

PX4-Autopilot是PX4 Autopilot开源的一个无人机自动驾驶系统。 PX4-Autopilot 1.17.0-rc2之前版本存在安全漏洞，该漏洞源于PX4 Autopilot MAVLink FTP会话验证中存在逻辑错误，可能导致未经验证的攻击者使FTP子系统进入不一致状态并绕过会话隔离检查。

N/A

N/A