EUVD-2026-17060
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
Analysis
Remote improper access control in FRRouting FRR up to version 10.5.1 allows authenticated remote attackers to bypass authorization checks in the EVPN Type-2 Route Handler (process_type2_route function), potentially leading to integrity and availability impacts. The vulnerability requires high attack complexity and authenticated access (PR:L), limiting immediate exploitation risk. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Debian
Bug #1132329| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 7.5.1-1.1+deb11u2 | - |
| bullseye (security) | vulnerable | 7.5.1-1.1+deb11u4 | - |
| bookworm, bookworm (security) | vulnerable | 8.4.4-1.1~deb12u1 | - |
| trixie | vulnerable | 10.3-3 | - |
| forky | vulnerable | 10.5.3-1 | - |
| sid | fixed | 10.6.0-2 | - |
| (unstable) | fixed | 10.6.0-2 | - |
Share
External POC / Exploit Code
Leaving vuln.today