{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/frr-stable/10.3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-37458"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FRR stable/10.0","FRR stable/10.1","FRR stable/10.2","FRR stable/10.3","FRR stable/10.4","FRR stable/10.5","FRR stable/10.6"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","network","frrouting","cve-2026-37458"],"_cs_type":"threat","_cs_vendors":["FRRouting"],"content_html":"\u003cp\u003eFRRouting (FRR) is susceptible to a denial-of-service (DoS) vulnerability, tracked as CVE-2026-37458, affecting versions stable/10.0 through stable/10.6. The vulnerability lies within the MP_REACH_NLRI component and stems from a lack of input validation when processing UPDATE messages. An authenticated attacker can exploit this flaw by sending a specially crafted UPDATE message, leading to resource exhaustion or service interruption on the affected FRR instance. Successful exploitation can disrupt network routing and availability. Defenders should apply the appropriate patches or mitigations to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker gains network access to an FRR instance running a vulnerable version (stable/10.0 to stable/10.6).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious BGP UPDATE message specifically targeting the MP_REACH_NLRI component.\u003c/li\u003e\n\u003cli\u003eThis crafted UPDATE message contains invalid or oversized data within the NLRI (Network Layer Reachability Information) fields.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted UPDATE message to the targeted FRR instance.\u003c/li\u003e\n\u003cli\u003eThe FRR instance receives the crafted UPDATE message and attempts to process the malformed NLRI data.\u003c/li\u003e\n\u003cli\u003eDue to the missing input validation, the FRR instance consumes excessive resources (CPU, memory) while processing the invalid NLRI.\u003c/li\u003e\n\u003cli\u003eThe resource exhaustion leads to a denial of service, impacting the routing functionality of the FRR instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-37458 results in a denial-of-service condition, preventing the FRRouting instance from properly functioning. This can disrupt network routing, leading to connectivity issues and potential network outages. The impact is primarily a loss of availability for network services relying on the affected FRR instance. The number of potential victims depends on the deployment size of FRRouting within an organization\u0026rsquo;s network infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FRRouting instances to a patched version beyond stable/10.6 to remediate CVE-2026-37458.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-37458 Exploitation Attempt - Malformed BGP UPDATE Message\u0026rdquo; to identify suspicious BGP UPDATE messages indicative of exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for BGP UPDATE messages to mitigate the impact of potential DoS attacks.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual patterns related to BGP UPDATE messages.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T07:13:08Z","date_published":"2026-05-19T07:13:08Z","id":"https://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/","summary":"A denial-of-service vulnerability, identified as CVE-2026-37458, exists in the MP_REACH_NLRI component of FRRouting versions stable/10.0 to stable/10.6, where authenticated attackers can trigger a DoS by sending a crafted UPDATE message due to missing input validation.","title":"FRRouting CVE-2026-37458 Denial of Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — FRR Stable/10.3","version":"https://jsonfeed.org/version/1.1"}