CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation lea

Description

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
frrouting project	frrouting	cert_advisory	90%

References

Related News (2 articles)

Tier A

Microsoft MSRC1h ago

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

→ No new info (linked only)

Tier B

BSI Advisories2d ago

[NEU] [niedrig] FRRouting Project FRRouting: Schwachstelle ermöglicht Manipulation von Daten

→ No new info (linked only)

CVSS 3.14.2 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-266, CWE-284

PublishedMar 30, 2026

Last enriched14h ago

Trending Score35

Source articles2

Independent2

Info Completeness5/14

Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Apr 1, 2026