CVE-2026-26514

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions bird-lg-go versions prior to commit 6187a4e

Description A flaw exists in the traceroute module of bird-lg-go that allows for argument injection. The shlex.Split function is used to process user-supplied input without proper validation. This allows attackers to inject arbitrary flags, such as -w and -q, through the q parameter. Successful exploitation can lead to a Denial of Service (DoS) by consuming system resources. The vulnerable parameter is q.

Recommendations Update bird-lg-go to commit 6187a4e or a later version.

Fix

DoS

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2026-26514

Affected Products

Bird-Lg-Go

CVE-2026-26514

Weakness Enumeration

Related Identifiers

Affected Products

References · 7