CVE-2026-5124
Improper Access Control in GoBGP BGPHeader Enables Remote Attack
Publication date: 2026-03-30
Last updated on: 2026-04-06
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osrg | gobgp | to 4.4.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the osrg GoBGP software up to version 4.3.0, specifically in the BGPHeader.DecodeFromBytes function. The issue is that the function did not properly validate the 16-byte Marker field in the BGP message header, which according to RFC 4271 Section 6.1 must be entirely composed of 0xFF bytes.
Because this validation was missing, malformed BGP messages with incorrect Marker fields could be processed improperly, leading to improper access controls. The vulnerability can be exploited remotely but is considered to have high complexity and difficult exploitability.
The patch fixes this by adding checks to ensure the Marker field is valid and returns appropriate BGP NOTIFICATION messages if it is not, thereby improving protocol robustness and security.
How can this vulnerability impact me? :
This vulnerability can lead to improper access controls in the BGP Header Handler component of GoBGP, potentially allowing an attacker to send malformed BGP messages that bypass normal validation.
While the exploit is considered difficult due to high complexity, successful exploitation could disrupt BGP message processing, which is critical for routing protocols in networks.
Such disruption could affect network stability or security, potentially leading to unauthorized routing behavior or denial of service conditions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring BGP messages for malformed Marker fields in the BGP header. Specifically, the 16-byte Marker field must consist entirely of 0xFF bytes as per RFC 4271 Section 6.1. Any deviation from this indicates a malformed or potentially malicious BGP message.
To detect such malformed BGP messages on your network, you can capture BGP traffic and inspect the Marker field in the BGP header. Tools like tcpdump or Wireshark can be used to capture and analyze BGP packets.
- Use tcpdump to capture BGP packets on the relevant interface: tcpdump -i <interface> tcp port 179 -w bgp_capture.pcap
- Open the capture file in Wireshark and filter for BGP messages. Inspect the Marker field in the BGP header to verify it consists of all 0xFF bytes.
- Alternatively, use scripting or packet inspection tools to parse BGP headers and validate the Marker field bytes.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to deploy the patch identified by commit f0f24a2a901cbf159260698211ab15c583ced131 which adds validation for the Marker field in the BGPHeader.DecodeFromBytes function.
This patch ensures that malformed BGP messages with invalid Marker fields are rejected by sending a BGP NOTIFICATION message with appropriate error codes, preventing improper access and exploitation.
Until the patch can be applied, consider monitoring and filtering BGP messages with invalid Marker fields at the network edge to reduce exposure.