CVE-2026-37458
Denial of Service in FRRouting via Malformed UPDATE Message
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frrouting | frr | From 10.0 (inc) to 10.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) versions stable/10.0 to stable/10.6. An authenticated attacker can exploit this flaw by sending a specially crafted UPDATE message, which can cause the system to experience a Denial of Service (DoS).
How can this vulnerability impact me? :
The impact of this vulnerability is that an authenticated attacker can cause a Denial of Service (DoS) on the affected FRRouting system. This means the system could become unavailable or unresponsive, potentially disrupting network routing and connectivity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring BGP sessions for warnings or session withdrawals caused by invalid MP_REACH_NLRI next-hop addresses. Specifically, look for log entries indicating that martian (invalid or reserved) next-hop addresses were rejected in the MP_REACH_NLRI attribute.
You can check the BGP daemon logs for such warnings. Additionally, commands that display BGP session status and received UPDATE messages may help identify abnormal session resets or malformed updates.
- Check BGP daemon logs for warnings about martian next-hop addresses.
- Use commands like `show bgp summary` or `show bgp neighbors` in FRRouting to monitor BGP session status.
- Inspect BGP UPDATE messages for malformed MP_REACH_NLRI attributes if your FRRouting version supports detailed debugging.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your FRRouting installation is updated to a version that includes the fix which validates the MP_REACH_NLRI next-hop attribute.
The fix enforces rejection of invalid or reserved next-hop addresses and withdraws affected BGP sessions with a warning, preventing denial of service caused by crafted UPDATE messages.
- Upgrade FRRouting to a version including the commit that adds validation for MP_REACH_NLRI next-hop addresses.
- Configure your router to disallow martian (invalid or reserved) next-hop addresses if not already set.
- Monitor BGP logs for warnings related to invalid next-hop addresses to detect potential exploitation attempts.