CVE-2026-5107

MEDIUM 4.2

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

CVSS Score

4.2

EPSS Score

0.0%

EPSS Percentile

13th

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

CWE	CWE-284 CWE-266
Vendor	frrouting
Product	frr
Published	Mar 30, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for frrouting frr

Be the first to know when new medium vulnerabilities affecting frrouting frr are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

FRRouting / FRR

10.5.0 10.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/354132 vuldb.com: https://vuldb.com/vuln/354132/cti vuldb.com: https://vuldb.com/submit/780123 github.com: https://github.com/FRRouting/frr/pull/21098 github.com: https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045 github.com: https://github.com/FRRouting/frr/

Credits

🔍 rensiru (VulDB User)