CVE-2026-37458
Analyzed Analyzed - Analysis Complete
Denial of Service in FRRouting via Malformed UPDATE Message

Publication date: 2026-05-04

Last updated on: 2026-05-11

Assigner: MITRE

Description
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-37458
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
frrouting frrouting From 10.0 (inc) to 10.6.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is due to missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) versions stable/10.0 to stable/10.6. An authenticated attacker can exploit this flaw by sending a specially crafted UPDATE message, which can cause the system to experience a Denial of Service (DoS).

Impact Analysis

The impact of this vulnerability is that an authenticated attacker can cause a Denial of Service (DoS) on the affected FRRouting system. This means the system could become unavailable or unresponsive, potentially disrupting network routing and connectivity.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring BGP sessions for warnings or session withdrawals caused by invalid MP_REACH_NLRI next-hop addresses. Specifically, look for log entries indicating that martian (invalid or reserved) next-hop addresses were rejected in the MP_REACH_NLRI attribute.

You can check the BGP daemon logs for such warnings. Additionally, commands that display BGP session status and received UPDATE messages may help identify abnormal session resets or malformed updates.

  • Check BGP daemon logs for warnings about martian next-hop addresses.
  • Use commands like `show bgp summary` or `show bgp neighbors` in FRRouting to monitor BGP session status.
  • Inspect BGP UPDATE messages for malformed MP_REACH_NLRI attributes if your FRRouting version supports detailed debugging.
Mitigation Strategies

To mitigate this vulnerability, ensure that your FRRouting installation is updated to a version that includes the fix which validates the MP_REACH_NLRI next-hop attribute.

The fix enforces rejection of invalid or reserved next-hop addresses and withdraws affected BGP sessions with a warning, preventing denial of service caused by crafted UPDATE messages.

  • Upgrade FRRouting to a version including the commit that adds validation for MP_REACH_NLRI next-hop addresses.
  • Configure your router to disallow martian (invalid or reserved) next-hop addresses if not already set.
  • Monitor BGP logs for warnings related to invalid next-hop addresses to detect potential exploitation attempts.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37458. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart