What is the CVSS score of CVE-2026-43988?

CVE-2026-43988 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Vanetza are affected by CVE-2026-43988?

Vanetza C-ITS platform versions 26.02 and earlier contain a remote denial-of-service vulnerability that allows attackers to crash transportation management systems via malformed network packets.. A patch is available.

Vanetza CVE-2026-43988

EUVD-2026-32005 HIGH

Uncaught Exception (CWE-248)

2026-05-26 GitHub_M

Information Disclosure

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

May 26, 2026 - 23:02 EUVD

Source Code Evidence Fetched

May 26, 2026 - 22:13 vuln.today

Analysis Generated

May 26, 2026 - 22:13 vuln.today

DescriptionNVD

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures (e.g., invalid length fields or malformed certificate encoding), the ASN.1 wrapper (asn1c_wrapper.cpp) raises a std::runtime_error. This exception is not caught at the parsing boundary and propagates to std::terminate, resulting in process termination. This vulnerability is fixed with commit 62dfe58a8342512b6e1947d75821402ada524f1a.

AnalysisAI

Remote denial of service in Vanetza 26.02 and earlier lets unauthenticated attackers crash the C-ITS protocol stack by sending malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encodings. The ASN.1 wrapper (asn1c_wrapper.cpp) raises a std::runtime_error that is never caught at the parsing boundary, so it propagates to std::terminate and kills the process. …

RemediationAI

Within 24 hours: Inventory all systems running Vanetza 26.02 or earlier and assess network exposure. Within 7 days: Implement network segmentation and access controls to restrict C-ITS system connectivity to trusted sources; deploy network-layer packet validation where available. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-43988 vulnerability details – vuln.today

Back

Vanetza CVE-2026-43988

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code