{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5107", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-29T17:55:46.788Z", "datePublished": "2026-03-30T05:00:19.025Z", "dateUpdated": "2026-03-30T16:02:10.336Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T05:00:19.025Z"}, "title": "FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "FRRouting", "product": "FRR", "versions": [{"version": "10.5.0", "status": "affected"}, {"version": "10.5.1", "status": "affected"}], "modules": ["EVPN Type-2 Route Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.6, "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-03-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-29T20:00:50.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rensiru (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354132", "name": "VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354132/cti", "name": "VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780123", "name": "Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FRRouting/frr/pull/21098", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045", "tags": ["patch"]}, {"url": "https://github.com/FRRouting/frr/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T16:01:58.307304Z", "id": "CVE-2026-5107", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T16:02:10.336Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T16:01:58.307304Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T16:02:06.462Z"}}], "cna": {"tags": ["x_open-source"], "title": "FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control", "credits": [{"lang": "en", "type": "reporter", "value": "rensiru (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.6, "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "FRRouting", "modules": ["EVPN Type-2 Route Handler"], "product": "FRR", "versions": [{"status": "affected", "version": "10.5.0"}, {"status": "affected", "version": "10.5.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-29T20:00:50.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354132", "name": "VDB-354132 | FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354132/cti", "name": "VDB-354132 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780123", "name": "Submit #780123 | FRRouting FRR 10.5.1 Improper Input Validation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FRRouting/frr/pull/21098", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045", "tags": ["patch"]}, {"url": "https://github.com/FRRouting/frr/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T05:00:19.025Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5107", "state": "PUBLISHED", "dateUpdated": "2026-03-30T16:02:10.336Z", "dateReserved": "2026-03-29T17:55:46.788Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-30T05:00:19.025Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch."}], "id": "CVE-2026-5107", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-30T06:16:05.510", "references": [{"source": "[email protected]", "url": "https://github.com/FRRouting/frr/"}, {"source": "[email protected]", "url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045"}, {"source": "[email protected]", "url": "https://github.com/FRRouting/frr/pull/21098"}, {"source": "[email protected]", "url": "https://vuldb.com/submit/780123"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/354132"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/354132/cti"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "10.5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "10.5.1"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 81.0, "source": "matching"}]}, "original": {"product": "FRR", "source": "cna", "vendor": "FRRouting"}, "product": "frrouting", "vendor": "frrouting"}], "analysis": {"en": {"generated_at": "2026-03-30T06:20:42.740662+00:00", "value": {"mitigation_remediation": ["Apply the patch with commit hash 7676cad65114aa23adde583d91d9d29e2debd045 or upgrade FRRouting FRR to a version later than 10.5.1 that contains the fix.", "Confirm installation by verifying the FRR version and reviewing configuration files for EVPN route handlers.", "Disable or restrict access to the EVPN Type\u20112 Route Interface until the upgrade is completed.", "Monitor BGP log entries for abnormal EVPN route events that may indicate attempted exploitation.", "Limit privileged network configuration access to trusted administrators and enforce strong authentication."], "summary": {"action": "Patch Now", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "FRRouting\u2019s FRR distribution, affected through all releases up to and including 10.5.1. No affected versions beyond 10.5.1 are listed, so newer releases should be verified for removal.", "description_and_impact": "The flaw resides in the EVPN Type\u20112 Route Handler within FRRouting FRR. An attacker can manipulate routing data via process_type2_route, resulting in improper access controls. This vulnerability allows a remote actor to gain unauthorized access to routing configuration, potentially altering or injecting routes into the BGP EVPN table. The impact is a breach of confidentiality and integrity of routing information, which can affect network reachability and service availability.", "risk_and_exploitability": "The CVSS score of 2.3 indicates low overall severity. Exploitability is considered difficult and the required attack complexity is high, with the attack vector being remote. No EPSS data or KEV listing is available, suggesting limited active exploitation. Nonetheless, administrators should treat the issue as an unauthorized access risk and apply the patch promptly."}}}}, "created": "2026-03-30T06:57:51.277200+00:00", "updated": "2026-03-30T07:03:40.933569+00:00", "vendors": ["frrouting", "frrouting$PRODUCT$frrouting"]}