PT-2026-29028 · Osrg · Gobgp

Rensiru · Published 2026-01-01 · Updated 2026-04-08 · CVE-2026-5122

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
osrg GoBGP versions through 4.3.0

Description
A security issue exists in osrg GoBGP up to version 4.3.0. The issue resides in the DecodeFromBytes function within the pkg/packet/bgp/bgp.go file, specifically in the BGP OPEN Message Handler component. Manipulation of the domainNameLen argument can lead to improper access controls. The attack can be initiated remotely and requires a high degree of complexity, with exploitability reported as difficult.

Recommendations
Install the patch 2b09db390a3d455808363c53e409afe6b1b86d2d to address this issue.
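
An added example, not GoBGP's code or the referenced patch: a strict Go decoder for a value made of two one-octet length-prefixed strings (host name, then domain name) that checks each declared length against the bytes actually present. The wire layout and the names fqdnFields, readPrefixed, decodeFQDN and errBadLength are assumptions for illustration; the page itself names only DecodeFromBytes and domainNameLen.

```go
package main

import (
	"errors"
	"fmt"
)

type fqdnFields struct { // hypothetical type for this example, not a GoBGP type
	HostName, DomainName string
}

var errBadLength = errors.New("declared length does not match capability value")

// readPrefixed consumes one length octet plus that many bytes from data.
func readPrefixed(data []byte) (field string, rest []byte, err error) {
	if len(data) < 1 {
		return "", nil, errBadLength
	}
	n := int(data[0]) // widen before arithmetic so n+1 cannot wrap at 255
	if n > len(data)-1 {
		return "", nil, errBadLength // length octet points past the buffer
	}
	return string(data[1 : 1+n]), data[1+n:], nil
}

// decodeFQDN parses <hostLen><host><domainLen><domain> (assumed layout) and
// rejects any value whose declared lengths disagree with the bytes present.
func decodeFQDN(data []byte) (*fqdnFields, error) {
	host, rest, err := readPrefixed(data)
	if err != nil {
		return nil, fmt.Errorf("host name: %w", err)
	}
	domain, rest, err := readPrefixed(rest)
	if err != nil {
		return nil, fmt.Errorf("domain name: %w", err)
	}
	if len(rest) != 0 { // leftover bytes: domain length understated the field
		return nil, fmt.Errorf("trailing %d bytes: %w", len(rest), errBadLength)
	}
	return &fqdnFields{HostName: host, DomainName: domain}, nil
}

func main() {
	// Constructed samples: a consistent value, then one whose domain length
	// octet claims 9 bytes while only 3 follow.
	fmt.Println(decodeFQDN([]byte{2, 'r', '1', 3, 'l', 'a', 'b'}))
	fmt.Println(decodeFQDN([]byte{2, 'r', '1', 9, 'l', 'a', 'b'}))
}
```

Rejecting the whole value on any mismatch, rather than slicing to the end of the buffer, keeps the stored length field and the stored string in agreement for every later consumer.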

Fix · Improper Access Control · Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers: CVE-2026-5122

Affected Products: Gobgp