PatchSiren cyber security CVE debrief

CVE-2026-37459 FRRouting CVE debrief

CVE-2026-37459 is a high-severity vulnerability in FRRouting (FRR) that allows a remote attacker to cause a Denial of Service (DoS) via a crafted BGP UPDATE message. The root cause is an integer underflow affecting FRR versions stable/10.0 through stable/10.6. The vulnerability carries a CVSS score of 7.5 and is rated HIGH. The CVE was published on May 4, 2026, and last modified on June 30, 2026.

Vendor: FRRouting
Product: FRR
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-04
Original CVE updated: 2026-06-30
Advisory published: 2026-05-04
Advisory updated: 2026-06-30

Who should care

Network administrators and security teams responsible for FRRouting (FRR) installations, in particular routers running the FRR BGP daemon, should be aware of this vulnerability and act promptly to mitigate the risk. Successful exploitation causes a Denial of Service (DoS), which directly affects network availability and reliability. Red Hat users may be affected, as indicated by the presence of Red Hat errata and security advisories.

Technical summary

The vulnerability is caused by an integer underflow in FRRouting (FRR) versions stable/10.0 through stable/10.6. An attacker who can deliver a crafted BGP UPDATE message to an affected instance can trigger the underflow and cause a Denial of Service (DoS). The CVSS score is 7.5 (HIGH), with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network-reachable, low attack complexity, no privileges or user interaction required, and an impact confined to availability. The weakness is classified as CWE-400 (Uncontrolled Resource Consumption) and CWE-191 (Integer Underflow).

Defensive priority

This vulnerability has a high severity score, requires no privileges or user interaction, and can be exploited remotely to cause a Denial of Service (DoS) on a routing component. Patching and mitigation should therefore be prioritized, especially on routers that accept BGP sessions from networks outside the operator's control.

Recommended defensive actions

  • Apply patches or updates to FRRouting (FRR) versions stable/10.0 through stable/10.6 to fix the integer underflow vulnerability.
  • Implement network segmentation and isolation so that only intended peers can reach the BGP service, limiting the attack surface.
  • Monitor network traffic and BGP UPDATE messages, including BGP session resets and daemon crashes, to detect potential exploitation attempts.
  • Consider compensating controls, such as rate limiting or traffic filtering (for example, permitting BGP sessions on TCP port 179 only from configured peers), to reduce the risk until patches are applied.
  • Perform thorough inventory checks to identify affected FRRouting (FRR) installations, with priority on hosts running the BGP daemon.
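As an added example for the inventory step (not part of the original debrief, and not FRR project code), the script below parses the version line printed by FRR's `show version` command and classifies the host against the branch range named in this advisory (stable/10.0 through stable/10.6). The sample output is constructed for the example; the hostname and kernel string are placeholders, and the classification only says whether the branch is in the listed range, since the debrief does not state which point release carries the fix.

```python
import re
import subprocess

# Branch range listed as affected in this debrief: stable/10.0 .. stable/10.6.
AFFECTED_MAJOR = 10
AFFECTED_MINORS = range(0, 7)

# First line of `vtysh -c "show version"` starts with "FRRouting <major>.<minor>[.<patch>]".
VERSION_RE = re.compile(r"^FRRouting\s+(\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)

# Constructed sample output (hostname and kernel version are placeholders).
SAMPLE_SHOW_VERSION = """FRRouting 10.3.1 (edge-rtr-01) on Linux(6.1.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
"""


def parse_frr_version(show_version_output):
    """Return (major, minor, patch) from show version output, or None if absent."""
    match = VERSION_RE.search(show_version_output)
    if not match:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch) if patch else 0)


def classify(version):
    """Classify a parsed version against the advisory's affected branch range."""
    if version is None:
        return "unknown"
    major, minor, _patch = version
    if major == AFFECTED_MAJOR and minor in AFFECTED_MINORS:
        # Branch is listed as affected; confirm whether this build includes the fix.
        return "in-affected-range"
    return "outside-affected-range"


def query_local_frr():
    """Run vtysh on this host (requires FRR and vtysh access) and classify the result."""
    result = subprocess.run(
        ["vtysh", "-c", "show version"],
        capture_output=True, text=True, check=False,
    )
    if result.returncode != 0:
        return "unknown"
    return classify(parse_frr_version(result.stdout))


if __name__ == "__main__":
    version = parse_frr_version(SAMPLE_SHOW_VERSION)
    print("sample host:", version, "->", classify(version))
```

Hosts classified as "in-affected-range" should be checked against the vendor's fixed builds (for Red Hat systems, the relevant errata) rather than treated as confirmed vulnerable, and a host in range that is not running the BGP daemon is not reachable via BGP UPDATE messages but should still be scheduled for patching.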

Evidence notes

The CVE record and NVD detail provide the vulnerability's description, severity, CVSS score, and CVSS vector. Red Hat errata and security advisories indicate that Red Hat users may be affected. The presence of multiple source references, including GitHub commits and Bugzilla reports, indicates that the vulnerability has been investigated and addressed upstream.

Official resources

This article is AI-assisted and based on the supplied source corpus.