CVE-2026-5107

low-risk

Published 2026-03-30

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

NETWORK / HIGH complexity

References (6)

https://github.com/FRRouting/frr/

https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045

https://github.com/FRRouting/frr/pull/21098

https://vuldb.com/submit/780123

https://vuldb.com/vuln/354132

https://vuldb.com/vuln/354132/cti

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal