CVE-2026-37457
Published: 01 May 2026
Summary
CVE-2026-37457 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in FRRouting (FRR). Its CVSS v3.1 base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Endpoint Denial of Service: Application or System Exploitation (T1499.004). It ranks at the 18.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST SP 800-53 SI-2 (Flaw Remediation), i.e. applying the upstream fix, and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-37457 is an off-by-one out-of-bounds write in the bgp_flowspec_op_decode() function in bgpd/bgp_flowspec_util.c of FRRouting (FRR) stable/10.0. Published on 2026-05-01, the flaw lets an attacker cause a Denial of Service (DoS) by supplying a crafted FlowSpec component in a BGP UPDATE. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-787 (Out-of-bounds Write).
In CVSS terms the vulnerability is reachable over the network without authentication, with low attack complexity and no user interaction. In practice the crafted component has to arrive inside a FlowSpec NLRI, which bgpd only parses from a peer with an established BGP session in which the FlowSpec address family has been negotiated; the attacker therefore needs to be, or to have compromised or spoofed, such a peer. Exploitation triggers the out-of-bounds write and crashes the bgpd process, which tears down every BGP session on the router, not only the one that delivered the malformed update, hence the high availability impact.
The fix is the FRR commit at https://github.com/FRRouting/frr/commit/0e6882bc72c0278988a47b2f0f73b7a91099a25c. Apply it, or a release that contains it, to FRR stable/10.0 bgpd instances that exchange FlowSpec routes with peers that are not fully trusted. Until the fix is deployed, activating the FlowSpec address family only for trusted peers and protecting those sessions with BGP session authentication and GTSM limits who can deliver the malformed component.
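To make the bug class concrete, the following is an added illustration, not FRR's code and not the patched function: a simplified decoder for one FlowSpec numeric component (the list of {operator, value} pairs defined in RFC 8955, section 4.2.1.1) whose output bounds check can be selected in its off-by-one form or its corrected form. The structure, the names (decode_numeric_ops, fs_op) and the buggy flag are assumptions for illustration only; the page does not state which check in bgp_flowspec_op_decode() was off by one, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * One decoded FlowSpec numeric operator/value pair (RFC 8955, section 4.2.1.1).
 * Operator byte: e(0x80) a(0x40) len(0x30) 0(0x08) lt(0x04) gt(0x02) eq(0x01).
 * The value that follows is 1 << len bytes wide, network byte order.
 */
struct fs_op {
	uint8_t op;
	uint64_t value;
};

#define FS_OP_END 0x80u
#define FS_OP_VALUE_LEN(op) (1u << (((op) >> 4) & 0x3u))

/*
 * Decode the {operator, value} list of one numeric component into out[].
 * Returns the number of pairs decoded, or -1 if the input is malformed or
 * does not fit.  `buggy` selects the off-by-one form of the output bounds
 * check (n > max_out instead of n >= max_out), which lets a component with
 * exactly max_out + 1 pairs write one element past the end of out[].  The
 * flag is a teaching device; it is not how FRR's decoder is written.
 */
static int decode_numeric_ops(const uint8_t *buf, size_t len,
			      struct fs_op *out, size_t max_out, int buggy)
{
	size_t pos = 0, n = 0;

	for (;;) {
		if (pos >= len)
			return -1; /* list ended without the end-of-list bit */
		uint8_t op = buf[pos++];
		size_t vlen = FS_OP_VALUE_LEN(op);
		if (len - pos < vlen)
			return -1; /* value field truncated */

		uint64_t value = 0;
		for (size_t i = 0; i < vlen; i++)
			value = (value << 8) | buf[pos++];

		/* The hardened check refuses the write at out[max_out];
		 * the off-by-one form lets it through. */
		if (buggy ? (n > max_out) : (n >= max_out))
			return -1;
		out[n].op = op;
		out[n].value = value;
		n++;

		if (op & FS_OP_END)
			return (int)n;
	}
}

/* Constructed sample: {eq 6}, {eq 17}, {end|eq 22}, one-byte values. */
static const uint8_t SAMPLE_OPS[] = { 0x01, 0x06, 0x01, 0x11, 0x81, 0x16 };

/* Decode SAMPLE_OPS into room for two pairs, followed by a sentinel slot
 * so the one-past-the-end write is observable without undefined behaviour.
 * Returns the decoder's result; *clobbered says whether the sentinel changed. */
static int run_small_output(int buggy, int *clobbered)
{
	struct fs_op out[3];

	memset(out, 0, sizeof(out));
	out[2].op = 0xAA;
	out[2].value = 0xDEAD;
	int rc = decode_numeric_ops(SAMPLE_OPS, sizeof(SAMPLE_OPS), out, 2, buggy);
	*clobbered = (out[2].op != 0xAA) || (out[2].value != 0xDEAD);
	return rc;
}

static int hardened_rejects_cleanly(void)
{
	int clobbered;
	int rc = run_small_output(0, &clobbered);
	return rc == -1 && !clobbered;
}

static int buggy_writes_past_end(void)
{
	int clobbered;
	int rc = run_small_output(1, &clobbered);
	return rc == 3 && clobbered; /* third pair landed in the sentinel */
}

/* Well-formed input with enough room decodes all three pairs. */
static int decode_sample_count(void)
{
	struct fs_op out[4];
	return decode_numeric_ops(SAMPLE_OPS, sizeof(SAMPLE_OPS), out, 4, 0);
}

/* Operator 0x91 = end | len=1 (2-byte value) | eq, value 0x0050 = 80. */
static uint64_t decode_two_byte_value(void)
{
	static const uint8_t two[] = { 0x91, 0x00, 0x50 };
	struct fs_op out[1];
	return decode_numeric_ops(two, sizeof(two), out, 1, 0) == 1 ? out[0].value : 0;
}

/* Operator claims a 2-byte value but only one byte follows: rejected. */
static int decode_truncated(void)
{
	static const uint8_t cut[] = { 0x11, 0x00 };
	struct fs_op out[1];
	return decode_numeric_ops(cut, sizeof(cut), out, 1, 0);
}

int main(void)
{
	printf("hardened rejects overflow: %d\n", hardened_rejects_cleanly());
	printf("buggy writes past end:     %d\n", buggy_writes_past_end());
	printf("pairs in sample:           %d\n", decode_sample_count());
	return 0;
}
```

The sentinel slot is what makes the off-by-one visible in a test; in bgpd the slot past the end is whatever the compiler placed next to the destination buffer, which is why the real outcome is a crash rather than a clean error.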
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26703
Vulnerability details
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Endpoint Denial of Service: Application or System Exploitation (T1499.004)
Why these techniques?
The off-by-one out-of-bounds write in bgpd lets a peer crash the routing process with a crafted FlowSpec component, so the denial of service is achieved by exploiting the application itself (T1499.004) rather than by flooding it.
Affected Assets
- FRRouting (FRR) stable/10.0, bgpd (bgpd/bgp_flowspec_util.c)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): mandates timely identification, reporting and correction of software flaws such as the off-by-one out-of-bounds write in FRR's bgp_flowspec_op_decode(); for this CVE that means deploying the upstream commit, which is the only control that actually removes the DoS.
- SI-16 (Memory Protection): deploys memory protection mechanisms such as stack canaries and non-executable memory. These lower the chance that an out-of-bounds write is turned into code execution, but they do not stop bgpd from crashing on the malformed component, so they reduce severity rather than exposure.
- SI-10 (Information Input Validation): enforces validation of untrusted BGP FlowSpec input, rejecting malformed components before they reach the decoding path; bounds-checking component lengths and element counts against the destination buffer is the specific check that this vulnerability class requires.