CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

CVSS v3 4.2 MEDIUM
CVSS v2.0 3.6 LOW

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/FRRouting/frr/	Product
https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045	Patch
https://github.com/FRRouting/frr/pull/21098	Issue Tracking Patch
https://vuldb.com/submit/780123	Third Party Advisory VDB Entry
https://vuldb.com/vuln/354132	Third Party Advisory VDB Entry
https://vuldb.com/vuln/354132/cti	Permissions Required VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:frrouting:frrouting:10.5.0:::::::*
	cpe:2.3:a:frrouting:frrouting:10.5.1:::::::*

History

29 Apr 2026, 22:01

Type	Values Removed	Values Added
References	~~() https://github.com/FRRouting/frr/ -~~	() https://github.com/FRRouting/frr/ - Product
References	~~() https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045 -~~	() https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045 - Patch
References	~~() https://github.com/FRRouting/frr/pull/21098 -~~	() https://github.com/FRRouting/frr/pull/21098 - Issue Tracking, Patch
References	~~() https://vuldb.com/submit/780123 -~~	() https://vuldb.com/submit/780123 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/vuln/354132 -~~	() https://vuldb.com/vuln/354132 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/vuln/354132/cti -~~	() https://vuldb.com/vuln/354132/cti - Permissions Required, VDB Entry
Summary		(es) Se ha encontrado una vulnerabilidad en FRRouting FRR hasta la versión 10.5.1. Esto afecta a la función process_type2_route del archivo bgpd/bgp_evpn.c del componente Gestor de Rutas EVPN Tipo-2. La manipulación conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. El ataque se considera de alta complejidad. La explotabilidad se reporta como difícil. El identificador del parche es 7676cad65114aa23adde583d91d9d29e2debd045. Para solucionar este problema, se recomienda aplicar un parche.
CPE		cpe:2.3:a:frrouting:frrouting:10.5.0:::::::* cpe:2.3:a:frrouting:frrouting:10.5.1:::::::*
First Time		Frrouting frrouting Frrouting

30 Mar 2026, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 06:16

Updated : 2026-04-29 22:01

NVD link : CVE-2026-5107

Mitre link : CVE-2026-5107

CVE.ORG link : CVE-2026-5107

JSON object : View

Products Affected

frrouting

frrouting

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

4.2 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2026-5107

4.2^/10

3.6^/10

Attach tags to `CVE-2026-5107`