Improper Access Control Vulnerability in osrg GoBGP Network Software
CVE-2026-5124

6.3 MEDIUM

Key Information:

Vendor: Osrg

Status
Vendor
CVE Published: 30 March 2026

What is CVE-2026-5124?

A security vulnerability exists in the osrg GoBGP software, in the BGPHeader.DecodeFromBytes function of the BGP Header Handler component. The flaw results in improper access control and can be exploited remotely. Exploitation is complex, but the flaw is still a security risk that requires immediate attention. Users of GoBGP versions up to 4.3.0 are advised to apply the latest patch identified in the project's commit history.

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sunxj (VulDB User)