Access Control Flaw in GoBGP BGP OPEN Message Handler by osrg
CVE-2026-5122

6.3 MEDIUM

Key Information:

Vendor: Osrg

Status
Vendor
CVE Published: 30 March 2026

What is CVE-2026-5122?

A vulnerability in osrg's GoBGP affects the DecodeFromBytes function of the BGP OPEN Message Handler and could lead to improper access controls. Manipulating the domainNameLen argument allows potential remote exploitation. Although the attack is complex to carry out, users of GoBGP should apply the provided patch to protect their systems.

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rensiru (VulDB User)