What is CVE-2026-49943?

CVE-2026-49943 is a medium-severity vulnerability in Nic Bird, classified under Stack-based Buffer Overflow. CVSS score: 6.3/10. Published 2026-06-02.

How severe is CVE-2026-49943?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2026-49943 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Nic Bird

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entri…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (12.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Nic Bird — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

9Bakabaka/CVE-2026-49943-PoC

References

Frequently asked questions

What is CVE-2026-49943?: CVE-2026-49943 is a medium-severity vulnerability in Nic Bird, classified under Stack-based Buffer Overflow. CVSS score: 6.3/10. Published 2026-06-02.
How severe is CVE-2026-49943?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2026-49943 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.