CVE-2026-7734

MEDIUM EPSS 36.8%
Published May 4, 20261mo ago · Modified Jun 17, 20261w ago
6.9 CVSS 4.0
Medium
Find Similar
Published May 4, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from remote. Upgrading to version 4.4.0 will fix this issue. The name of the patch is f9f7b55ec258e514be0264871fa645a2c3edad11. You should upgrade the affected component.

CVSS Details

Base Score
6.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
36.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-404

Affected Products 1

VendorProductVersionRange
osrggobgp* <4.4.0

References 6

  • github.com https://github.com/osrg/gobgp/
    Product
  • github.com https://github.com/osrg/gobgp/commit/f9f7b55ec258e514be0264871fa645a2c3edad11
    Patch
  • github.com https://github.com/osrg/gobgp/releases/tag/v4.4.0
    PatchProduct
  • vuldb.com https://vuldb.com/submit/807581
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/360909
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/360909/cti
    Permissions RequiredVDB Entry

Remediation

  • github.com https://github.com/osrg/gobgp/commit/f9f7b55ec258e514be0264871fa645a2c3edad11
    Patch
  • github.com https://github.com/osrg/gobgp/releases/tag/v4.4.0
    PatchProduct