Medium severity 6.5 · NVD Advisory · Published May 4, 2026 · Updated May 11, 2026
CVE-2026-37458
Description
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Affected products
14
- osv-coords, 12 versions:
  - pkg:rpm/opensuse/frr&distro=openSUSE%20Tumbleweed (no CPE) range: < 10.6.1-1.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7 (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS (no CPE) range: < 8.5.7-8.16.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE) range: < 10.2.6-160000.1.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 (no CPE) range: < 8.5.7-150500.4.43.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE) range: < 10.2.6-160000.1.1
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 (no CPE) range: < 8.5.7-8.16.1
References (2)
News mentions (1)
- Patch Tuesday - May 2026, Rapid7 Blog · May 13, 2026