CVE-2026-7736
Publication date 4 May 2026
Last updated 6 June 2026
Ubuntu priority
Description
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gobgp | 26.04 LTS resolute |
Fixed 3.36.0-2ubuntu0.1~esm1
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Fixed 3.23.0-1ubuntu0.3+esm4
|
|
| 22.04 LTS jammy |
Fixed 2.25.0-3ubuntu0.1+esm4
|
|
| 20.04 LTS focal |
Fixed 2.12.0-1ubuntu0.1~esm3
|
|
| 18.04 LTS bionic |
Fixed 1.29-1ubuntu0.1+esm2
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.3 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-8348-1
- GoBGP vulnerabilities
- 3 June 2026