Is there a patch available for CVE-2026-7734?

Yes, a patch is available for CVE-2026-7734. Update the affected software to the latest version immediately.

osrg GoBGP CVE-2026-7734

Q: What is the CVSS score of CVE-2026-7734?

CVE-2026-7734 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26914 MEDIUM

Improper Resource Shutdown or Release (CWE-404)

2026-05-04 VulDB

Denial Of Service Suse

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 04, 2026 - 06:30 vuln.today

Analysis Generated

May 04, 2026 - 06:30 vuln.today

CVSS changed

May 04, 2026 - 06:22 NVD

5.3 (MEDIUM) 6.9 (MEDIUM)

EUVD ID Assigned

May 04, 2026 - 06:00 euvd

EUVD-2026-26914

Analysis Generated

May 04, 2026 - 06:00 vuln.today

Patch released

May 04, 2026 - 06:00 nvd

Patch available

CVE Published

May 04, 2026 - 05:00 nvd

MEDIUM 6.9

DescriptionNVD

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from remote. Upgrading to version 4.4.0 will fix this issue. The name of the patch is f9f7b55ec258e514be0264871fa645a2c3edad11. You should upgrade the affected component.

AnalysisAI

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-7734 vulnerability details – vuln.today

Back

osrg GoBGP CVE-2026-7734

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

osrg GoBGP CVE-2026-7734

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code