CVE-2026-5107 — Incorrect Privilege Assignment in FRR

CWE-266 — Incorrect Privilege Assignment CWE-284 — Improper Access Control CWE-807 — Reliance on Untrusted Inputs in a Security Decision8 documents8 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 85.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Frrouting FRR Debian FRR

Timeline

PublishedMar 30

Latest updateApr 15

Description

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Debianfrrouting/frr< 10.6.0-2

▶CVEListV5frrouting/frr10.5.0, 10.5.1+1

▶debiandebian/frr< frr 10.6.0-2 (forky)

🔴Vulnerability Details

GHSA

GHSA-27p7-fq6v-hh4m: A vulnerability has been found in FRRouting FRR up to 10↗2026-03-30

▶

OSV

CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10↗2026-03-30

▶

📋Vendor Advisories

Ubuntu

FRR vulnerability↗2026-04-15

▶

Red Hat

FRRouting FRR: frr: FRRouting FRR: Improper access controls in EVPN Type-2 Route Handler↗2026-03-30

▶

Debian

CVE-2026-5107: frr - A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the f...↗2026

▶

Citrix

Citrix Security Bulletin CTX116228↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-5107 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶