Vanetza V2X denial of service (CVE-2026-37554)

Vendor-confirmed – CVE-2026-37554 is a high-severity denial of service in Vanetza V2X v26.02 that lets remote unauthenticated attackers crash the V2X receiver by sending malicious GeoNetworking packets. No vendor patch is available yet; apply the mitigations below.

Overview

CVE-2026-37554 resides in Vanetza’s GeoNetworking packet handling code. The vulnerability stems from improper exception handling in the packet processing pipeline. When OpenSSL fails to validate an ECC point during secure packet handling (e.g., an invalid compressed point or a point not on the curve), the openssl_wrapper.cpp check() function throws an openssl::Exception. Although the parser’s catch block in parse_secured() is designed to intercept these exceptions, they escape through subsequent processing stages — specifically the indicate_common and indicate_extended functions in the Router::indicate() call chain. This unhandled exception triggers std::terminate, causing the V2X application to crash immediately.

An unauthenticated attacker on the same network can craft a single malicious GeoNetworking packet to trigger this crash. No user interaction or elevated privileges are required, and the attack requires low complexity. The CVSS v3.1 base score is 7.5 (HIGH) with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Impact on Affected Systems

Any V2X receiver running Vanetza v26.02 and processing incoming GeoNetworking secured (GeoAuthHeader) packets is vulnerable. A crash causes the V2X application to terminate, cutting off the vehicle’s or roadside unit’s ability to receive and process V2X safety messages. This could disable collision warnings, emergency vehicle alerts, or traffic signal priority systems while the application is down. The attack can be repeated continuously, effectively creating a persistent denial-of-service condition against V2X communications.

Remediation and Mitigation

The Vanetza maintainers have not yet released a patch for CVE-2026-37554 as of this writing. Until a fixed version ships, implement the following mitigations:

• Deploy network intrusion detection rules that flag or drop malformed GeoNetworking packets, particularly those triggering ECC validation errors.
• Segment V2X network traffic onto isolated VLANs and restrict inbound GeoNetworking traffic to trusted sources only.
• Monitor V2X application logs for repeated crashes accompanied by OpenSSL exception messages, which indicate exploitation attempts.
• Consider running the V2X application under a process supervisor (e.g., systemd restart=always) to minimize downtime from potential crashes.

Security Insight

This vulnerability is a classic example of a simple coding oversight — a missing catch block in an exception chain — having outsized impact on safety-critical infrastructure. The V2X ecosystem is particularly sensitive because availability directly affects road safety; a crash isn’t just a service disruption, it can mean a missed safety message at a critical moment. Compare this to similar issues found in OT/ICS protocol stacks where exception handling gaps in parsers have been exploited to disable industrial controllers. Vanetza, as a widely used open-source V2X stack, would benefit from adopting structured exception-safety patterns — such as RAII wrappers for OpenSSL operations — to prevent entire classes of these bugs. For the latest on V2X security developments, see our security news section.

Further Reading

• All High Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs