Integer Overflow Vulnerability in FRRouting OSPF Parsing Functions
CVE-2026-28532

6 (MEDIUM)

Key Information:

Vendor

FRRouting

Status
Vendor
CVE Published:
30 April 2026

What is CVE-2026-28532?

FRRouting versions prior to 10.5.3 contain an integer overflow in several OSPF Traffic Engineering (TE) and Segment Routing (SR) TLV parser functions. These parsers walk a chain of TLVs by adding the result of the TLV_SIZE() macro, a uint32_t, to a uint16_t accumulator. A TLV whose advertised length pushes TLV_SIZE() to 0x10000 or more is truncated when accumulated, so the loop's termination test (accumulator reaching the LSA length) can fail while the TLV pointer is still advanced by the full, untruncated size; each further iteration then reads TLV headers from memory beyond the end of the LSA. An attacker who has established an OSPF adjacency can trigger the bug by sending crafted LS Update packets carrying Type 10 (area-scoped) or Type 11 (AS-scoped) Opaque LSAs. The result is an out-of-bounds read, and because opaque LSAs are flooded to every router in their scope, a single injected LSA can crash all affected FRR routers in the OSPF area or autonomous system.
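The following is an added, illustrative reconstruction of the parsing pattern the advisory describes; it is not FRRouting's source, and the macro names (TLV_HDR_SIZE, ROUNDUP, TLV_SIZE), the walker functions and the sample payloads are assumptions made for this example. It shows how a 16-bit accumulator wraps to 0 on a TLV whose padded size is exactly 0x10000 while the pointer keeps moving, and contrasts it with a walker that uses a 32-bit accumulator and checks that each TLV fits in the remaining LSA length before advancing.

```c
/*
 * Illustrative reconstruction of the TLV-walking pattern from the advisory.
 * NOT FRRouting's code: macro names, functions and payloads are assumptions.
 * Build: cc -std=c11 -Wall -o tlvwalk tlvwalk.c
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TLV_HDR_SIZE 4u                                 /* 2-byte type + 2-byte length */
#define ROUNDUP(v, a) (((v) + (a) - 1u) & ~((a) - 1u))
/* Header plus body padded to 4 bytes; evaluates to a uint32_t. */
#define TLV_SIZE(body_len) (TLV_HDR_SIZE + ROUNDUP((uint32_t)(body_len), 4u))

static uint16_t rd16(const uint8_t *p)   /* network byte order, like ntohs() */
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

struct walk_result {
	int tlvs;        /* TLV headers consumed */
	int oob;         /* walker attempted a read past the buffer */
	int malformed;   /* hardened walker rejected a TLV */
	uint32_t sum;    /* accumulator value at exit */
	size_t off;      /* byte offset (the pointer) at exit */
};

/* Vulnerable pattern: 16-bit accumulator, pointer advanced by the 32-bit size.
 * Real code would dereference out of bounds; this harness flags that and stops. */
struct walk_result walk_vulnerable(const uint8_t *buf, size_t buflen, uint16_t lsa_len)
{
	struct walk_result r = {0};
	uint16_t sum = 0;   /* BUG: TLV_SIZE() values >= 0x10000 are truncated here */
	size_t off = 0;

	while (sum < lsa_len) {
		if (off + TLV_HDR_SIZE > buflen) {   /* harness-only guard, absent in the bug */
			r.oob = 1;
			break;
		}
		uint32_t size = TLV_SIZE(rd16(buf + off + 2));
		r.tlvs++;
		sum += size;   /* wraps: 0x10000 becomes 0, 0x10004 becomes 4 */
		off += size;   /* does not wrap: jumps far beyond the LSA */
	}
	r.sum = sum;
	r.off = off;
	return r;
}

/* Hardened pattern: 32-bit accumulator plus a check that the whole TLV fits in
 * what the LSA says is left, before the pointer moves. */
struct walk_result walk_hardened(const uint8_t *buf, size_t buflen, uint16_t lsa_len)
{
	struct walk_result r = {0};
	uint32_t sum = 0;
	size_t off = 0;

	while (sum < lsa_len) {
		if (off + TLV_HDR_SIZE > buflen || lsa_len - sum < TLV_HDR_SIZE) {
			r.malformed = 1;
			break;
		}
		uint32_t size = TLV_SIZE(rd16(buf + off + 2));
		if (size > lsa_len - sum) {   /* body would run past the LSA */
			r.malformed = 1;
			break;
		}
		r.tlvs++;
		sum += size;
		off += size;
	}
	r.sum = sum;
	r.off = off;
	return r;
}

/* Constructed sample LSA bodies (not captured traffic): type(2) length(2) value(padded). */
static const uint8_t benign[] = {
	0x00, 0x01, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,   /* type 1, 4-byte value */
	0x00, 0x02, 0x00, 0x02, 0x11, 0x22, 0x00, 0x00,   /* type 2, 2-byte value + pad */
};
/* Second TLV claims a 65532-byte value: TLV_SIZE = 4 + 65532 = 0x10000,
 * which the uint16_t accumulator sees as 0. */
static const uint8_t crafted[] = {
	0x00, 0x01, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,
	0x00, 0x02, 0xff, 0xfc,
};

int main(void)
{
	struct walk_result v = walk_vulnerable(crafted, sizeof crafted, (uint16_t)sizeof crafted);
	struct walk_result h = walk_hardened(crafted, sizeof crafted, (uint16_t)sizeof crafted);
	printf("vulnerable: tlvs=%d oob=%d sum=%u off=%zu\n", v.tlvs, v.oob, (unsigned)v.sum, v.off);
	printf("hardened:   tlvs=%d malformed=%d sum=%u off=%zu\n", h.tlvs, h.malformed, (unsigned)h.sum, h.off);
	return 0;
}
```

On the crafted body the vulnerable walker leaves the accumulator at 8 after the second TLV, so the loop runs again and tries to read a header at offset 65544 of a 12-byte LSA; the hardened walker rejects the second TLV because 0x10000 bytes do not fit in the 4 bytes the LSA has left. Both walkers parse the benign body identically, which is the behaviour a fix must preserve.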

Affected Version(s)

frr 0 <= 10.5.3

References

CVSS v4

Score: 6
Severity: MEDIUM
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None
Confidentiality: None
Integrity: None
Availability: High

Timeline

  • Vulnerability reserved

  • Vulnerability published (30 April 2026)

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck