CVE-2026-5107

Microsoft · Azure Linux

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation lea

Description

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Affected Products

Vendor	Product	Versions
Microsoft	Azure Linux	10.5.0-1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
frrouting project	frrouting	cert_advisory	90%

References

Related News (3 articles)

Tier A

Microsoft MSRC4h ago

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

→ No new info (linked only)

Tier B

CERT-FR12h ago

Vulnérabilité dans Microsoft Azure Linux (02 avril 2026)

→ No new info (linked only)

Tier B

BSI Advisories3d ago

[NEU] [niedrig] FRRouting Project FRRouting: Schwachstelle ermöglicht Manipulation von Daten

→ No new info (linked only)

CVSS 3.14.2 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-266, CWE-284

PublishedMar 30, 2026

Last enriched7m agov2

Trending Score37

Source articles3

Independent3

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 89

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Trending: 85

MEDIUMCVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them

Trending: 33

MEDIUMCVE-2026-32187

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

Trending: 26

HIGHCVE-2026-20929

Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.

Trending: 25

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Apr 1, 2026

Updated: vendor, product, affectedVersions

Apr 2, 2026

Version History

Last enriched 7m ago

v2Tier B7m ago

Updated vendor to Microsoft, product to Azure Linux, added affected version 10.5.0-1, changed severity to HIGH, and marked exploit as available and actively exploited.

vendorproductaffectedVersions

via CERT-FR

v117h ago

Initial creation