FRR Stable/10.1 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/frr-stable/10.1/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 19 May 2026 07:13:08 +0000FRRouting CVE-2026-37458 Denial of Service Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/Tue, 19 May 2026 07:13:08 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/A denial-of-service vulnerability, identified as CVE-2026-37458, exists in the MP_REACH_NLRI component of FRRouting versions stable/10.0 to stable/10.6, where authenticated attackers can trigger a DoS by sending a crafted UPDATE message due to missing input validation.FRRouting (FRR) is susceptible to a denial-of-service (DoS) vulnerability, tracked as CVE-2026-37458, affecting versions stable/10.0 through stable/10.6. The vulnerability lies within the MP_REACH_NLRI component and stems from a lack of input validation when processing UPDATE messages. An authenticated attacker can exploit this flaw by sending a specially crafted UPDATE message, leading to resource exhaustion or service interruption on the affected FRR instance. Successful exploitation can disrupt network routing and availability. Defenders should apply the appropriate patches or mitigations to prevent potential exploitation.

Attack Chain

  1. An authenticated attacker gains network access to an FRR instance running a vulnerable version (stable/10.0 to stable/10.6).
  2. The attacker crafts a malicious BGP UPDATE message specifically targeting the MP_REACH_NLRI component.
  3. This crafted UPDATE message contains invalid or oversized data within the NLRI (Network Layer Reachability Information) fields.
  4. The attacker sends the crafted UPDATE message to the targeted FRR instance.
  5. The FRR instance receives the crafted UPDATE message and attempts to process the malformed NLRI data.
  6. Due to the missing input validation, the FRR instance consumes excessive resources (CPU, memory) while processing the invalid NLRI.
  7. The resource exhaustion leads to a denial of service, impacting the routing functionality of the FRR instance.

Impact

Successful exploitation of CVE-2026-37458 results in a denial-of-service condition, preventing the FRRouting instance from properly functioning. This can disrupt network routing, leading to connectivity issues and potential network outages. The impact is primarily a loss of availability for network services relying on the affected FRR instance. The number of potential victims depends on the deployment size of FRRouting within an organization’s network infrastructure.

Recommendation

  • Upgrade FRRouting instances to a patched version beyond stable/10.6 to remediate CVE-2026-37458.
  • Deploy the Sigma rule “Detect CVE-2026-37458 Exploitation Attempt - Malformed BGP UPDATE Message” to identify suspicious BGP UPDATE messages indicative of exploitation attempts.
  • Implement rate limiting for BGP UPDATE messages to mitigate the impact of potential DoS attacks.
  • Monitor network traffic for unusual patterns related to BGP UPDATE messages.
]]>mediumthreatdenial-of-servicenetworkfrroutingcve-2026-37458