Denial of Service Flaw in Vanetza V2X by Riebl
CVE-2026-37554

7.5HIGH

Key Information:

Vendor: Riebl
Status: Vanetza V2X
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-37554?

A vulnerability in Vanetza V2X version 26.02 exposes the system to remote denial of service attacks. The flaw resides in the GeoNetworking packet processing where exceptions from OpenSSL during ECC point validation are not effectively caught. This oversight leads to unhandled exceptions propagating through processing stages, ultimately causing the V2X receiver to crash when std::terminate is invoked. Proper handling of these exceptions is essential to ensure system stability and security for V2X communications.

References

https://github.com/riebl/vanetza

https://github.com/riebl/vanetza/blob/master/vanetza/secu...

https://github.com/riebl/vanetza/blob/master/vanetza/geon...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-37554 Data

JSON