Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
AnalysisAI
GoBGP gobgpd version 4.2.0 is vulnerable to denial of service attacks when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon without authentication or user interaction. This vulnerability affects BGP infrastructure relying on the vulnerable version and has no available patch at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.
Technical ContextAI
A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users.
RemediationAI
Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12466
GHSA-4p9m-8gc4-rw2h