GoBGP gobgpd v.4.2.0 Remote Denial of Service

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

GoBGP gobgpd v.4.2.0 Remote Denial of Service

CVE-2026-30405

Summary

A remote attacker can crash GoBGP's BGP daemon (gobgpd) by sending a specially crafted BGP message, making the system unavailable. This affects all systems running GoBGP gobgpd version 4.2.0. To fix, update to a patched version of GoBGP.

Original title

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Original description

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

https://github.com/osrg/gobgp/issues/3305

Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026