CVE-2026-5107

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

Assigner: VulDB
Reserved: 29.03.2026 Published: 30.03.2026 Updated: 30.03.2026

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
CVSS Score: 2.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	High	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C
CVSS Score: 4.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C
CVSS Score: 4.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.0

CVSS Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C
CVSS Score: 3.6

Access Vector	Network	Confidentiality Impact	None
Access Complexity	High	Integrity Impact	Partial
Authentication	Single	Availability Impact	Partial

CVSS 2.0

Product Status

Vendor	FRRouting
Product	FRR
Versions	Version 10.5.0 is affected Version 10.5.1 is affected

Vendor

FRRouting

Product

FRR

Versions

Version 10.5.0 is affected
Version 10.5.1 is affected

Credits

rensiru (VulDB User) reporter

References

Problem Types