Vulnerabilities ›

CVE-2026-7736

High

CWE-189 — Weakness Type

                    Published: May 4, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.

🤖 AI Executive Summary

CVE-2026-7736 is an integer underflow vulnerability in osrg GoBGP versions up to 4.3.0 affecting the parseRibEntry function in pkg/packet/mrt/mrt.go. This remotely exploitable vulnerability can be mitigated by upgrading to version 4.4.0 or applying the specified patch.

📄 Description (Arabic)

ثغرة تجاوز عدد صحيح في دالة parseRibEntry بملف pkg/packet/mrt/mrt.go في osrg GoBGP تسمح بالاستغلال عن بعد. يمكن للمهاجمين التلاعب بمعالجة بيانات MRT لتجاوز حدود الأعداد الصحيحة مما قد يؤدي إلى سلوك غير متوقع.

🤖 ملخص تنفيذي (AI)

CVE-2026-7736 هو ثغرة تجاوز عدد صحيح في إصدارات osrg GoBGP حتى 4.3.0 تؤثر على وظيفة parseRibEntry. يمكن استغلال هذه الثغرة عن بعد ويتم حلها بالترقية إلى الإصدار 4.4.0.

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 13:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom energy government

🎯 MITRE ATT&CK Techniques

T1190 T1498 T1499

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade osrg GoBGP to version 4.4.0 or later. If immediate upgrade is not possible, apply patch 76d911046344a3923cbe573364197aa081944592. Restrict network access to GoBGP services using firewall rules and network segmentation. Monitor BGP traffic for anomalous patterns and implement input validation controls.

🔧 خطوات المعالجة (العربية)

قم بترقية osrg GoBGP إلى الإصدار 4.4.0 أو أحدث فوراً. إذا لم تكن الترقية ممكنة، طبق التصحيح المحدد. قيد الوصول إلى خدمات GoBGP باستخدام قواعد جدار الحماية. راقب حركة BGP للكشف عن الأنماط غير الطبيعية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.BE-1 PR.IP-1 PR.IP-12

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 6

🔗

https://github.com/osrg/gobgp/

cna@vuldb.com

Product

🔗

https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592

cna@vuldb.com

Patch

🔗

https://github.com/osrg/gobgp/releases/tag/v4.4.0

cna@vuldb.com

Patch Product

🔗

https://vuldb.com/submit/807604

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/360911

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/360911/cti

cna@vuldb.com

Permissions Required VDB Entry

📦 Affected Products / CPE 1 entries

osrg:gobgp

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-189

EPSS0.06%

Exploit No

Patch ✓ Yes

Published 2026-05-04

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-189

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-7736

💬 Comments

Introduce Yourself

Sign In Required