CVE-2026-5107: Improper Access Controls in FRRouting FRR
CVE-2026-5107 is a vulnerability in FRRouting (FRR) versions up to 10.5.1, specifically in the EVPN Type-2 Route Handler function process_type2_route. It results in improper access controls that could be exploited remotely, though the attack complexity is high and exploitability is difficult. The vulnerability has a low CVSS score of 2.3, indicating limited impact and requiring low privileges without user interaction. No known exploits are currently in the wild. A patch identified by commit 7676cad65114aa23adde583d91d9d29e2debd045 is available and should be applied to mitigate the issue. Organizations using FRR in their network infrastructure should prioritize patching to prevent potential unauthorized route manipulation.
AI Analysis
Technical Summary
CVE-2026-5107 affects FRRouting (FRR), an open-source routing protocol suite widely used in network infrastructure for dynamic routing. The vulnerability resides in the EVPN Type-2 Route Handler, specifically in the function process_type2_route in the source file bgpd/bgp_evpn.c. Improper access control in this function can allow an attacker to manipulate routing information remotely. The flaw requires no user interaction and can be triggered over the network, but exploitation requires low privileges and has high attack complexity, which makes it difficult. The vulnerability impacts the integrity and availability of routing data by potentially allowing unauthorized route processing or injection. The CVSS v4.0 base score is 2.3, reflecting a low severity due to the limited scope and difficulty of exploitation. No public exploits or active attacks have been reported to date. The issue is fixed in a patch identified by commit 7676cad65114aa23adde583d91d9d29e2debd045, which should be applied promptly. This vulnerability highlights the importance of strict access controls in routing protocol implementations to prevent unauthorized route manipulation that could disrupt network operations or enable traffic interception.
Potential Impact
If exploited, this vulnerability could allow an attacker to manipulate EVPN Type-2 routes processed by FRRouting, potentially leading to unauthorized route injection or modification. This could disrupt network routing, cause traffic misdirection, or degrade network availability and integrity. However, due to the high complexity and difficulty of exploitation, as well as the low privileges required, the risk of widespread or automated attacks is limited. Organizations relying on FRR for critical network routing, especially in data centers or service provider environments using EVPN, could face network instability or targeted attacks aiming to intercept or reroute traffic. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to sophisticated attackers. Overall, the impact is moderate but should not be ignored given the critical role of routing infrastructure in network security and availability.
Mitigation Recommendations
Organizations should promptly apply the official patch identified by commit 7676cad65114aa23adde583d91d9d29e2debd045 to FRRouting versions 10.5.0 and 10.5.1 to remediate this vulnerability. Network administrators should audit their FRR deployments to confirm affected versions and upgrade to patched releases. Implement network segmentation and strict access controls to limit exposure of routing protocol interfaces to trusted management networks only. Employ monitoring and anomaly detection for unusual EVPN route updates or BGP behavior that could indicate exploitation attempts. Regularly review and harden routing protocol configurations to minimize attack surface. Additionally, maintain up-to-date inventories of routing software versions and subscribe to vendor security advisories to ensure timely patching of future vulnerabilities.
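The version audit recommended above can be scripted over collected `vtysh -c "show version"` banners. The following is an added example, not code from the advisory or from the FRR project; it assumes the banner begins with `FRRouting <version>`, takes the affected range from the description ("versions up to 10.5.1"), and uses constructed hostnames and banners.

```python
import re

# Highest affected release according to the advisory text ("versions up to 10.5.1").
LAST_AFFECTED = (10, 5, 1)

# Assumed banner shape: "FRRouting 10.5.1 (host) on Linux(...)"; only the
# leading "FRRouting <version>" part is relied on.
_BANNER = re.compile(r"FRRouting\s+(\d+)\.(\d+)(?:\.(\d+))?(\S*)")


def parse_frr_version(banner):
    """Return ((major, minor, patch), suffix), or None if not recognised."""
    m = _BANNER.search(banner)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def classify(banner):
    """Map one banner to a triage status for CVE-2026-5107."""
    parsed = parse_frr_version(banner)
    if parsed is None:
        return "unknown"  # no usable banner: inspect the host manually
    version, suffix = parsed
    if version > LAST_AFFECTED:
        return "outside-stated-range"
    # A vendor or custom suffix may mean the fix commit was backported
    # without a version bump, so the number alone cannot clear the host.
    return "affected-verify-backport" if suffix else "affected"


def audit(inventory):
    """inventory: iterable of (hostname, banner). Returns {hostname: status}."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("leaf01", "FRRouting 10.5.1 (leaf01) on Linux(6.1.0)."),
    ("leaf02", "FRRouting 10.5.0-custom1 (leaf02) on Linux(6.1.0)."),
    ("spine01", "FRRouting 10.6.0 (spine01) on Linux(6.1.0)."),
    ("spine02", "FRRouting 9.1.3 (spine02) on Linux(5.15.0)."),
    ("edge01", "vtysh: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as `affected-verify-backport` need a check of the package changelog or build source for commit 7676cad65114aa23adde583d91d9d29e2debd045 before they are treated as patched or unpatched.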
Affected Countries
United States, Germany, France, United Kingdom, Japan, South Korea, China, India, Brazil, Australia, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-29T17:55:46.788Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69ca0c48e6bfc5ba1dd16be4
Added to database: 3/30/2026, 5:38:16 AM
Last enriched: 3/30/2026, 5:53:23 AM
Last updated: 3/30/2026, 9:45:47 AM