GoBGP vulnerabilities
Summary
It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-37461) Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing 4-byte AS attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-41643) It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing SRv6 L3 Service attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7734) It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing Accumulated IGP (AIGP) attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7735) It was discovered that GoBGP incorrectly handled certain malformed Multi- threaded Routing Toolkit (MRT) routing information entries. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7736) It was discovered that GoBGP incorrectly handled certain malformed Multi- threaded Routing Toolkit (MRT) headers. A remote attacker could possibly use this issue to caus Affected Ubuntu releases: 26.04, 24.04, 22.04, 20.04, 18.04. CVEs: CVE-2026-7737, CVE-2026-37461, CVE-2026-7734, CVE-2026-41643, CVE-2026-7735, CVE-2026-7736.
- Ubuntu 26.04
- Ubuntu 24.04
- Ubuntu 22.04
- Ubuntu 20.04
- Ubuntu 18.04
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.