Integer Underflow in osrg GoBGP Affects Network Routing Efficiency
CVE-2026-7736

6.9MEDIUM

Key Information:

Vendor: Osrg
Status: Gobgp
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-7736?

A vulnerability exists in osrg GoBGP versions up to 4.3.0 within the parseRibEntry function in the mrt.go file, allowing for integer underflow through remote manipulation. This flaw exposes the system to potential exploitation, emphasizing the necessity for users to upgrade to version 4.4.0, which addresses this critical issue through the application of patch 76d911046344a3923cbe573364197aa081944592.

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

References

https://vuldb.com/vuln/360911

vdb-entrytechnical-description

https://vuldb.com/vuln/360911/cti

signaturepermissions-required

https://vuldb.com/submit/807604

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
May 3, 2026

Credit

Sunxj (VulDB User)

CVE-2026-7736 Data

JSON