Cyber Posture

CVE-2026-41643

HighPublic PoC

Published: 07 May 2026

Published
07 May 2026
Modified
07 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 29.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-41643 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Osrg Gobgp. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

NVD Description

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error:…

more

index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not properly handled. This issue has been patched in version 4.3.0.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-129

Affected Products

osrg
gobgp
≤ 4.3.0

CVEs Like This One

CVE-2026-41642Same product: Osrg Gobgp
CVE-2026-7736Same product: Osrg Gobgp
CVE-2026-30405Same product: Osrg Gobgp
CVE-2026-7735Same product: Osrg Gobgp
CVE-2024-45582Shared CWE-129
CVE-2023-53019Shared CWE-129
CVE-2024-49837Shared CWE-129
CVE-2024-45569Shared CWE-129
CVE-2026-23354Shared CWE-129
CVE-2024-49834Shared CWE-129

References