CVE-2026-37554

Name of the Vulnerable Software and Affected Versions Vanetza V2X version 26.02

Description A flaw in the GeoNetworking packet processing pipeline allows remote unauthorized attackers to cause a denial of service. The issue occurs because OpenSSL exceptions resulting from ECC point validation (such as an invalid compressed point or a point not on the curve) are not properly handled by the Router::indicate() call chain. Specifically, the check() function in openssl wrapper.cpp throws an openssl::Exception upon failure. While the parse secured() function contains a catch block, the exception escapes through the indicate common and indicate extended processing stages, leading to std::terminate and crashing the V2X receiver.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.