GoBGP DoS Vulnerability (CVE-2026-41642) Patched in Version 4.4.0
The open-source Border Gateway Protocol (BGP) implementation GoBGP, specifically version 4.3.0, is vulnerable to a remote Denial of Service (DoS) attack, according to the National Vulnerability Database. This critical flaw, tracked as CVE-2026-41642, stems from a nil pointer dereference. Attackers can trigger this by sending a malformed BGP UPDATE message containing an unrecognized Path Attribute marked as “Well-known.”
The daemon’s handling logic fails to stop processing the message when it encounters such an attribute. The result is an illegal memory access, leading to a full process crash (panic) of the GoBGP daemon. The National Vulnerability Database rates this with a CVSS score of 7.5 (HIGH).
This is not a theoretical issue. A BGP daemon crash can take down critical routing infrastructure. Defenders running GoBGP must understand that an unauthenticated, remote attacker can trigger this DoS. The good news is that the GoBGP development team has addressed this vulnerability in version 4.4.0. Organizations should prioritize upgrading immediately to mitigate this risk.
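The condition described above can be recognized before an UPDATE reaches route processing: RFC 4271 treats a path attribute whose Optional flag is clear and whose type code is unknown as an UPDATE Message Error (subcode 2, Unrecognized Well-known Attribute). The Go code below is an added example, not GoBGP's code or its fix; the names `CheckPathAttrs`, `UnrecognizedWellKnown` and `ErrTruncated` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Well-known attribute type codes defined in RFC 4271 (Optional bit clear).
var wellKnown = map[byte]string{1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE"}

var ErrTruncated = errors.New("truncated path attribute")

// UnrecognizedWellKnown maps to UPDATE Message Error (3), subcode 2 in RFC 4271.
type UnrecognizedWellKnown struct{ Type byte; Offset int }

func (e *UnrecognizedWellKnown) Error() string {
	return fmt.Sprintf("unrecognized well-known attribute type %d at offset %d", e.Type, e.Offset)
}

// CheckPathAttrs walks the Path Attributes field of one UPDATE and returns at the first problem.
func CheckPathAttrs(b []byte) error {
	for off := 0; off < len(b); {
		if len(b)-off < 3 {
			return ErrTruncated
		}
		flags, typ := b[off], b[off+1]
		hdr, n := 3, int(b[off+2])
		if flags&0x10 != 0 { // Extended Length bit: length is two octets
			if len(b)-off < 4 {
				return ErrTruncated
			}
			hdr, n = 4, int(binary.BigEndian.Uint16(b[off+2:]))
		}
		if len(b)-off < hdr+n {
			return ErrTruncated
		}
		if _, ok := wellKnown[typ]; flags&0x80 == 0 && !ok { // Optional bit clear
			return &UnrecognizedWellKnown{Type: typ, Offset: off}
		}
		off += hdr + n
	}
	return nil
}

func main() {
	// Constructed sample: ORIGIN=IGP, then type 0xF0 with the Optional bit clear.
	fmt.Println(CheckPathAttrs([]byte{0x40, 1, 1, 0, 0x40, 0xF0, 0}))
}
```

The caller must treat any non-nil return as grounds to drop the message, so that no later stage works on an attribute that was never decoded.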
What This Means For You
- If your organization uses GoBGP, you need to check your version immediately. If you are running version 4.3.0 or earlier, you are exposed to a remote Denial of Service. Patch to version 4.4.0 without delay. A crashed BGP daemon means routing goes down, and so does your network.
🛡️ Detection Rules
GoBGP DoS - Malformed BGP UPDATE Message (CVE-2026-41642)
```yaml
title: GoBGP DoS - Malformed BGP UPDATE Message (CVE-2026-41642)
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  Detects the execution of the GoBGP daemon (gobgpd). This rule serves as a baseline indicator for systems running the vulnerable version of GoBGP. The actual DoS attack involves sending a malformed BGP UPDATE message, which would likely be observed in network traffic or application logs, not directly in process creation events. This rule is a proxy for identifying the potential target.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41642/
tags:
  - attack.impact
  - attack.t1499
logsource:
  category: process_creation
detection:
  selection:
    Image|endswith:
      - 'gobgpd'
    CommandLine|contains:
      - '--bgp-as'
  # This rule assumes that the gobgpd process is started with specific command line arguments.
  # The actual detection of the malformed BGP UPDATE message would typically happen within the GoBGP application logs or network traffic analysis, which are not directly supported by the provided log source categories and fields.
  # Therefore, this rule focuses on the presence of the GoBGP daemon, which is the target of the vulnerability.
  # A more effective detection would require network traffic analysis or application-level logging.
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41642 | Vulnerability | CVE-2026-41642 |
| CVE-2026-41642 | Affected Product | the Go Programming Language. In |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 15:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.