Denial of Service Vulnerability in osrg GoBGP Affecting SRv6 L3 Service
CVE-2026-7734

6.9 MEDIUM

Key Information:

Vendor

Osrg

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-7734?

A denial of service vulnerability has been identified in osrg GoBGP versions up to 4.3.0. It resides in the SRv6 L3 Service component, in the method SRv6L3ServiceAttribute.DecodeFromBytes. An attacker can exploit it by manipulating the argument data passed to that method, potentially leading to service disruptions. The vulnerability can be triggered remotely. Upgrading to version 4.4.0 addresses this issue; the corresponding patch is identified by commit f9f7b55ec258e514be0264871fa645a2c3edad11.

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rensiru (VulDB User)