CVE-2026-5122
osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control
| CVSS Score | 3.7 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A security flaw has been discovered in osrg GoBGP up to 4.3.0. It affects the function DecodeFromBytes in the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Manipulating the argument domainNameLen results in improper access controls. The attack may be initiated remotely, but it requires a high degree of complexity and exploitability is reported as difficult. The patch is named 2b09db390a3d455808363c53e409afe6b1b86d2d. Installing the patch is recommended to address this issue.
| CWE | CWE-284 CWE-266 |
| Vendor | osrg |
| Product | gobgp |
| Published | Mar 30, 2026 |
| Last Updated | Mar 30, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |
Affected Versions
osrg / GoBGP
4.0 4.1 4.2 4.3.0
References
vuldb.com: https://vuldb.com/vuln/354154
vuldb.com: https://vuldb.com/vuln/354154/cti
vuldb.com: https://vuldb.com/submit/780124
github.com: https://github.com/osrg/gobgp/pull/3343
github.com: https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d
github.com: https://github.com/osrg/gobgp/
Credits
rensiru (VulDB User)