CVE-2026-5107 — Vulnetix

CVE-2026-5107 PUBLISHED CVSS 2.299999952316284 LOW

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

EPSS 0.02% · 3.8th percentile

Risk Scores

CVSS 4.0

2.299999952316284

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

EPSS Score

0.02%

3.8th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Azure Linux
frrouting	frrouting	10.5.1, 10.5.0
FRRouting	FRR	10.5.0, 10.5.0, 10.5.1

Exploit Intelligence

CIRCL seen: CVE-2026-5107 (circl-sighting)
CIRCL seen: CVE-2026-5107 (circl-sighting)
VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control (circl)
VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation (circl)
https://github.com/FRRouting/frr/pull/21098 (circl)
https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045 (circl)
https://github.com/FRRouting/frr/ (circl)

Timeline

Mar 30, 2026 EPSS Score
Mar 30, 2026 CVE Published
Mar 30, 2026 PoC Published
Mar 30, 2026 Security Advisory
Apr 1, 2026 PoC Published
Apr 29, 2026 CVE Updated
May 5, 2026 Security Advisory
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score

References

Open in Interactive Console →