QwikSec

Security Database

CVE

CWE

Training

CVE-2026-5107

Published: Mar 30, 2026

Modified: Mar 30, 2026

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Vendor	Product	Versions
FRRouting	FRR	affected `10.5.0` affected `10.5.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

References

VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

vdb-entry

technical-description

VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation

third-party-advisory

https://github.com/FRRouting/frr/pull/21098

issue-tracking

patch

https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045

patch

https://github.com/FRRouting/frr/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.