CVE-2026-26514

Published: Mar 4, 2026

Modified: Mar 4, 2026

PUBLISHED

Description

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can be exploited to cause a Denial of Service (DoS) by exhausting system resources.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/xddxdd/bird-lg-go/issues/136

https://github.com/xddxdd/bird-lg-go/commit/6187a4e3afce6d8c29568f8c72ca497d1f5a2b56

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-26514

Description

Affected Products

References