CVE-2026-5107 (GCVE-0-2026-5107)

Vulnerability from cvelistv5 – Published: 2026-03-30 05:00 – Updated: 2026-03-30 16:02 X_Open Source
VLAI?
Title
FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Summary
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
Severity ?
2.3 (Low)
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
4.2 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C
4.2 (Medium)
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
FRRouting FRR Affected: 10.5.0
Affected: 10.5.1
Create a notification for this product.
Credits
rensiru (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T16:01:58.307304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T16:02:10.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "EVPN Type-2 Route Handler"
          ],
          "product": "FRR",
          "vendor": "FRRouting",
          "versions": [
            {
              "status": "affected",
              "version": "10.5.0"
            },
            {
              "status": "affected",
              "version": "10.5.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "rensiru (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.6,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T05:00:19.025Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354132"
        },
        {
          "name": "VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354132/cti"
        },
        {
          "name": "Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780123"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/FRRouting/frr/pull/21098"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/FRRouting/frr/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-29T20:00:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5107",
    "datePublished": "2026-03-30T05:00:19.025Z",
    "dateReserved": "2026-03-29T17:55:46.788Z",
    "dateUpdated": "2026-03-30T16:02:10.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-5107",
      "date": "2026-05-06",
      "epss": "0.00016",
      "percentile": "0.0364"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-5107\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-03-30T06:16:05.510\",\"lastModified\":\"2026-04-29T22:01:48.407\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en FRRouting FRR hasta la versi\u00f3n 10.5.1. Esto afecta a la funci\u00f3n process_type2_route del archivo bgpd/bgp_evpn.c del componente Gestor de Rutas EVPN Tipo-2. La manipulaci\u00f3n conduce a controles de acceso inadecuados. El ataque puede iniciarse de forma remota. El ataque se considera de alta complejidad. La explotabilidad se reporta como dif\u00edcil. El identificador del parche es 7676cad65114aa23adde583d91d9d29e2debd045. Para solucionar este problema, se recomienda aplicar un parche.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frrouting:frrouting:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"602011E7-4715-4162-A3BE-7E487CBB632B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frrouting:frrouting:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E88B9B-6953-410D-B6FB-275BD59D3715\"}]}]}],\"references\":[{\"url\":\"https://github.com/FRRouting/frr/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/21098\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://vuldb.com/submit/780123\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/354132\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/vuln/354132/cti\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5107\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-30T16:01:58.307304Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-30T16:02:06.462Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"rensiru (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 3.6, \"vectorString\": \"AV:N/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"FRRouting\", \"modules\": [\"EVPN Type-2 Route Handler\"], \"product\": \"FRR\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5.0\"}, {\"status\": \"affected\", \"version\": \"10.5.1\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-29T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-03-29T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-03-29T20:00:50.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/354132\", \"name\": \"VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/354132/cti\", \"name\": \"VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/780123\", \"name\": \"Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/21098\", \"tags\": [\"issue-tracking\", \"patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-03-30T05:00:19.025Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-5107\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T16:02:10.336Z\", \"dateReserved\": \"2026-03-29T17:55:46.788Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-03-30T05:00:19.025Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.