CVE-2026-5124

MEDIUM · CVSS 4.0: 6.3 · EPSS 20.4%
Published Mar 30, 2026 · Last Modified Jun 17, 2026

Description

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. The affected function is BGPHeader.DecodeFromBytes in the file pkg/packet/bgp/bgp.go, part of the BGP Header Handler component. Manipulating it leads to improper access controls. The attack can be carried out remotely, but its complexity is considered high and exploitation is reported to be difficult. The patch is identified by commit f0f24a2a901cbf159260698211ab15c583ced131. Deploying the patch is the recommended fix.

CVSS Details

Base Score: 6.3
Exploitability
Impact
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability: 20.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 2

CWE-266
CWE-284

Affected Products 1

Vendor    Product    Version    Range
osrg      gobgp      *          <4.4.0

References 6

  • github.com https://github.com/osrg/gobgp/
    Product
  • github.com https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131
    Patch
  • github.com https://github.com/osrg/gobgp/pull/3340
    Issue Tracking
  • vuldb.com https://vuldb.com/submit/780189
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/vuln/354156
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/vuln/354156/cti
    Permissions Required, VDB Entry

Remediation

  • github.com https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131
    Patch