CVE-2026-5122 | osrg GoBGP up to 4.3.0 BGP OPEN Message pkg/packet/bgp/bgp.go DecodeFromBytes domainNameLen access control (ID 3343)

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability identified as problematic has been detected in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls.

This vulnerability was named CVE-2026-5122. The attack may be initiated remotely. There is no available exploit.

It is suggested to install a patch to address this issue.

CVE-2026-5122 | osrg GoBGP up to 4.3.0 BGP OPEN Message pkg/packet/bgp/bgp.go DecodeFromBytes domainNameLen access control (ID 3343)

Post correlati

CVE-2024-0052 | Google Android healthconnect information disclosure

CVE-2024-32888 | aws amazon-redshift-jdbc-driver up to 2.1.0.27 sql injection (GHSA-x3wm-hffr-chwm)

CVE-2026-33335 | go-vikunja up to 2.1.x improper authorization in handler for custom url scheme (GHSA-6q44-85gc-cjvf)

CVE-2024-51064 | PHPGurukul Teachers Record Management System 2.1 admin/queries.php tid sql injection