Improper Access Control in FRRouting Software by FRR Vendor
CVE-2026-5107

2.3 LOW

Key Information:

Vendor: Frrouting

Status
Vendor
CVE Published: 30 March 2026

What is CVE-2026-5107?

A vulnerability has been identified in FRRouting (FRR) versions up to 10.5.1, in the process_type2_route function of the file bgpd/bgp_evpn.c. The flaw results in improper access control and can be exploited remotely. Attack complexity is rated high, so successful exploitation is difficult. Users are urged to apply the available patch to mitigate the risk.

Affected Version(s)

FRR 10.5.0

FRR 10.5.1

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rensiru (VulDB User)