CVE-2026-7736

HIGH 7.3

osrg GoBGP mrt.go parseRibEntry integer underflow

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.

CWE	CWE-191 CWE-189
Vendor	osrg
Product	gobgp
Published	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for osrg gobgp

Be the first to know when new high vulnerabilities affecting osrg gobgp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

osrg / GoBGP

4.0 4.1 4.2 4.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/360911 vuldb.com: https://vuldb.com/vuln/360911/cti vuldb.com: https://vuldb.com/submit/807604 github.com: https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592 github.com: https://github.com/osrg/gobgp/releases/tag/v4.4.0 github.com: https://github.com/osrg/gobgp/

Credits

🔍 Sunxj (VulDB User)