The SUSE Product Security Team released an update for FRRouting (frr) that fixes four distinct vulnerabilities. CVE-2026-5107 addresses improper access controls in the EVPN Type-2 Route Handler. CVE-2026-28532 hardens the Traffic Engineering/Segment Routing TLV iteration process against malformed length values. CVE-2026-37457 fixes an off-by-one error in the FlowSpec operator array bounds checking, which could lead to memory safety issues. CVE-2026-37458 ensures proper validation of the MP_REACH_NLRI attribute to prevent incorrect next-hop information. These fixes improve the robustness and security of the routing software. No patch links or affected versions are explicitly provided in the data.

The vulnerabilities fixed by this update could allow improper access, processing of malformed routing information, and incorrect validation of routing attributes, potentially leading to routing errors or security bypasses. The exact impact depends on the exploitation of these flaws within the routing environment. No known exploits in the wild have been reported at this time.

A security update has been released by the SUSE Product Security Team addressing these vulnerabilities. Users of the affected FRRouting software should apply the official update as provided by SUSE to remediate these issues. Patch status is not explicitly confirmed in the provided data; therefore, users should consult the SUSE advisory SUSE-SU-2026:2455-1 for detailed remediation instructions and to confirm patch availability.