Denial-of-Service Vulnerability in Vanetza Open-Source Implementation
CVE-2026-44905

7.5HIGH

Key Information:

Vendor: Riebl
Status: Vanetza
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-44905?

A denial-of-service vulnerability has been identified in the Vanetza open-source implementation of the ETSI C-ITS protocol suite. This flaw resides within the cryptographic verification process when handling V2X messages. Specifically, the ASN.1 decoder incorrectly accepts packets with sub-optimal parameters, which leads to a logic flaw in protocol enforcement. Although the initial parsing phase lacks strict checks on specific fields, it later fails when attempting to re-encode a signing certificate with invalid identifiers. This oversight results in an uncaught runtime error that causes the process to terminate abruptly when the service tries to calculate a message hash for verification. The issue has been addressed in a subsequent commit.

Affected Version(s)

vanetza < e1a2e2709210d309458c3d77f98d50dec26c0df0 < e1a2e2709210d309458c3d77f98d50dec26c0df0

vanetza <= 26.02 <= 26.02

References

https://github.com/riebl/vanetza/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/riebl/vanetza/commit/e1a2e2709210d3094...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44905 Data

JSON

Riebl

What is CVE-2026-44905?

Affected Version(s)

References

CVSS V3.1

Timeline