CVE-2026-5107 LOW

CVE-2026-5107: FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

Vendor Frrouting

Product FRR

Weakness CWE-284

Published March 30, 2026

Last update March 30, 2026

View on NVD All CVEs

CVSS base score

2.3/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Key dates

02Disclosure timeline

March 30, 2026 CVE published

March 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-5107 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2026-5107

CWE CWE-284

CVSS 2.3 / LOW

Affected versions

Vendor Frrouting

Product FRR

Affected 10.5.0

Vendor Frrouting

Product FRR

Affected 10.5.1

CVE-2026-5107: FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

01Description

02Disclosure timeline

03References

04Related CVE