CVE-2026-44905: CWE-248: Uncaught Exception in riebl vanetza
CVE-2026-44905 is a high-severity denial-of-service vulnerability in the open-source riebl vanetza implementation of the ETSI C-ITS protocol suite. The flaw affects versions 26.02 and earlier, where malformed V2X messages with invalid Psid subtypes bypass initial semantic checks during ASN.1 decoding but cause an uncaught exception during cryptographic verification re-encoding. This uncaught std::runtime_error leads to immediate process termination, resulting in denial of service. The vulnerability has been fixed in commit e1a2e2709210d309458c3d77f98d50dec26c0df0. The vendor manages remediation for this cloud-hosted service. No known exploits are reported in the wild.
AI Analysis
Technical Summary
Vanetza versions up to 26.02 contain a denial-of-service vulnerability in the cryptographic verification pipeline caused by improper enforcement of semantic constraints on the Psid field during ASN.1 decoding of V2X messages. While initial parsing accepts malformed Psid subtypes, re-encoding during signature verification detects the violation and throws an uncaught std::runtime_error, causing the process to terminate abruptly. This vulnerability is tracked as CWE-248 (Uncaught Exception). It has a CVSS 3.1 score of 7.5 (High) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts availability only. The issue is fixed in commit e1a2e2709210d309458c3d77f98d50dec26c0df0.
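The decode/re-encode mismatch described above, reduced to a toy model. This is an added example, not vanetza's code and not the content of the fix commit; the 5-byte encoding, the `kMaxSubtype` limit and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <exception>
#include <optional>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
struct Psid { std::uint8_t subtype; std::uint32_t value; };  // toy model, not vanetza's type
constexpr std::uint8_t kMaxSubtype = 3;                      // constructed constraint
enum class Verdict { Valid, Rejected };

// Lenient decode: checks length only, accepts any subtype.
std::optional<Psid> decode_lenient(const Bytes& in) {
    if (in.size() != 5) return std::nullopt;
    std::uint32_t v = 0;
    for (std::size_t i = 1; i < 5; ++i) v = (v << 8) | in[i];
    return Psid{in[0], v};
}
// Strict decode: enforces the same constraint the encoder enforces.
std::optional<Psid> decode_strict(const Bytes& in) {
    auto p = decode_lenient(in);
    if (p && p->subtype > kMaxSubtype) return std::nullopt;
    return p;
}
// Encoder used to rebuild the signed bytes; throws on a constraint violation.
Bytes encode(const Psid& p) {
    if (p.subtype > kMaxSubtype) throw std::runtime_error("Psid subtype out of range");
    Bytes out{p.subtype};
    for (int s = 24; s >= 0; s -= 8) out.push_back(static_cast<std::uint8_t>(p.value >> s));
    return out;
}
// Unguarded shape: the encoder's exception leaves the verification path.
Verdict verify_unguarded(const Bytes& in) {
    auto p = decode_lenient(in);
    if (!p) return Verdict::Rejected;
    return encode(*p) == in ? Verdict::Valid : Verdict::Rejected;  // stand-in for signature check
}
// Guarded shape: any failure while handling untrusted input becomes a rejection.
Verdict verify_guarded(const Bytes& in) noexcept {
    try { return verify_unguarded(in); }
    catch (const std::exception&) { return Verdict::Rejected; }
}
// True when an exception escapes the unguarded path for this input.
bool escapes_unguarded(const Bytes& in) {
    try { verify_unguarded(in); return false; }
    catch (const std::runtime_error&) { return true; }
}
// Constructed input with an out-of-range subtype is rejected, not fatal.
int main() { return verify_guarded({9, 0, 0, 0, 36}) == Verdict::Rejected ? 0 : 1; }
```

Either layer closes the gap in this model: `decode_strict` rejects the message before it reaches the encoder, and the catch in `verify_guarded` keeps an encoder failure from terminating the process.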
Potential Impact
Successful exploitation causes immediate termination of the vanetza process handling V2X messages, resulting in denial of service. There is no impact on confidentiality or integrity. The vulnerability can be triggered remotely without authentication or user interaction.
Mitigation Recommendations
A fix is available and has been implemented in commit e1a2e2709210d309458c3d77f98d50dec26c0df0. Since vanetza is a cloud-hosted service, the vendor manages remediation server-side. Users should verify that their deployments are updated to this commit or later. Patch status is confirmed by the vendor advisory. No additional mitigation actions are required beyond applying the official fix.
CVSS v3.1
Score: 7.5 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-07T21:50:33.547Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a161539e29bf47b506c53a3
Added to database: 5/26/2026, 9:48:41 PM
Last enriched: 5/26/2026, 10:04:03 PM
Last updated: 5/26/2026, 11:32:44 PM