osrg GoBGP Buffer Overflow (CVE-2026-7735) Poses Remote Threat
The National Vulnerability Database has disclosed CVE-2026-7735, a high-severity buffer overflow vulnerability impacting osrg GoBGP versions up to 4.3.0. Specifically, the flaw resides in the PathAttributeAigp.DecodeFromBytes function within the pkg/packet/bgp/bgp.go file, affecting the AIGP Attribute Parser component.
This vulnerability, rated 7.3 (HIGH) on the CVSS scale, allows for remote exploitation. An attacker can manipulate the AIGP attribute to trigger a buffer overflow, potentially leading to denial-of-service, information disclosure, or even remote code execution, though the National Vulnerability Database’s vector indicates lower impact on confidentiality, integrity, and availability.
Defenders leveraging GoBGP in their network infrastructure should prioritize upgrading to version 4.4.0 immediately. The patch, identified as 51ad1ada06cb41ce47b7066799981816f50b7ced, directly addresses this critical parsing issue. Failing to patch leaves the BGP routing infrastructure exposed to remote attack, which can have cascading effects on network stability and reachability.
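The length checks an AIGP TLV decoder needs before it indexes into attacker-supplied bytes, as an added example: this is not GoBGP's code or the referenced patch, and the advisory does not describe the exact defect. It assumes the RFC 7311 TLV layout; `ParseAIGPMetric` and `ErrMalformedAIGP` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (RFC 7311): Type (1 octet), Length (2 octets, counting the whole
// TLV including Type and Length), Value. The AIGP TLV is type 1, length 11.
const (
	tlvHeaderLen  = 3
	aigpTLVType   = 1
	aigpTLVLength = 11
)

var ErrMalformedAIGP = errors.New("malformed AIGP attribute")

// ParseAIGPMetric walks the TLVs of an AIGP attribute value and returns the first
// AIGP metric. Every declared length is validated before a slice is indexed.
func ParseAIGPMetric(data []byte) (uint64, error) {
	for len(data) > 0 {
		if len(data) < tlvHeaderLen {
			return 0, fmt.Errorf("%w: truncated TLV header", ErrMalformedAIGP)
		}
		typ := data[0]
		length := int(binary.BigEndian.Uint16(data[1:3]))
		// The declared length must cover its own header and fit in what remains.
		if length < tlvHeaderLen || length > len(data) {
			return 0, fmt.Errorf("%w: TLV length %d, %d bytes remain", ErrMalformedAIGP, length, len(data))
		}
		if typ == aigpTLVType {
			if length != aigpTLVLength {
				return 0, fmt.Errorf("%w: AIGP TLV length %d, want %d", ErrMalformedAIGP, length, aigpTLVLength)
			}
			return binary.BigEndian.Uint64(data[tlvHeaderLen:length]), nil
		}
		data = data[length:] // skip TLV types this parser does not know
	}
	return 0, fmt.Errorf("%w: no AIGP TLV present", ErrMalformedAIGP)
}

func main() {
	// Constructed sample: a well-formed AIGP TLV carrying metric 100.
	ok := []byte{1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100}
	fmt.Println(ParseAIGPMetric(ok))
	// Constructed sample: the header claims 11 bytes but only 5 are present.
	fmt.Println(ParseAIGPMetric([]byte{1, 0, 11, 0, 0}))
}
```

Rejecting a declared length below the header size also keeps the loop from stalling on a zero-length TLV.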
What This Means For You
- If your network relies on osrg GoBGP, you are directly exposed. This isn't theoretical; a remote buffer overflow in a core routing component is a CISO's nightmare. Check your GoBGP version numbers *now*. If you're running 4.3.0 or older, upgrade to 4.4.0 without delay. Your network's routing integrity is at stake.
🛡️ Detection Rules
5 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
Web Application Exploitation Attempt — CVE-2026-7735
```yaml
title: Web Application Exploitation Attempt — CVE-2026-7735
id: scw-2026-05-04-1
status: experimental
level: high
description: |
  Detects common exploitation patterns targeting web applications. Review CVE-2026-7735 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-05-04
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7735/
tags:
  - attack.initial_access
  - attack.t1190
# This rule matches generic strings in web server query-string logs;
# it does not inspect BGP sessions or the AIGP path attribute.
logsource:
  category: webserver
detection:
  selection:
    cs-uri-query|contains:
      - '..'
      - 'SELECT'
      - 'UNION'
      - '<script'
      - 'cmd='
      - '/etc/passwd'
  condition: selection
falsepositives:
  - Legitimate activity from CVE-2026-7735
```
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7735 | Buffer Overflow | osrg GoBGP versions up to 4.3.0 |
| CVE-2026-7735 | Buffer Overflow | pkg/packet/bgp/bgp.go:PathAttributeAigp.DecodeFromBytes |
| CVE-2026-7735 | Buffer Overflow | AIGP Attribute Parser component |
| CVE-2026-7735 | Patch | Upgrade to osrg GoBGP version 4.4.0 or apply patch 51ad1ada06cb41ce47b7066799981816f50b7ced |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 04, 2026 at 09:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.