Skip to main content

GoBGP CVE-2026-30405

| EUVDEUVD-2026-12466 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-03-16 mitre GHSA-4p9m-8gc4-rw2h
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 17:19 euvd
EUVD-2026-12466
Analysis Generated
Mar 16, 2026 - 17:19 vuln.today
CVE Published
Mar 16, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

AnalysisAI

GoBGP gobgpd version 4.2.0 is vulnerable to denial of service attacks when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon without authentication or user interaction. This vulnerability affects BGP infrastructure relying on the vulnerable version and has no available patch at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users.

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Share

CVE-2026-30405 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy