CVE-2026-7736 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-7736

CVE-2026-7736

Published:May 04, 2026

Updated:May 16, 2026

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.

Affected Packages

https://github.com/osrg/gobgp.git (GITHUB):

Affected version(s) >=v1.0 <v4.4.0

Fix Suggestion:

Update to version v4.4.0

Related Resources (8)

https://github.com/osrg/gobgp/releases/tag/v4.4.0

https://github.com/osrg/gobgp

https://nvd.nist.gov/vuln/detail/CVE-2026-7736

https://github.com/osrg/gobgp/

https://vuldb.com/vuln/360911/cti

https://vuldb.com/vuln/360911

https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592

https://vuldb.com/submit/807604

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

NOT DEFINED

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Exploitability

NOT DEFINED

Weakness Type (CWE)

Integer Underflow (Wrap or Wraparound)

CWE-191

EPSS

Base Score:

0.08