Changeflow GovPing Data Privacy & Cybersecurity Azure Linux FRR Vulnerability CVE-2026-5107
Routine Notice Added Final

Azure Linux FRR Vulnerability CVE-2026-5107

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published
Detected
Email

Summary

CERT-FR published advisory CERTFR-2026-AVI-0389 notifying of a vulnerability in Microsoft Azure Linux affecting the frr 10.5.0-1 package on azl3. The vulnerability, tracked as CVE-2026-5107 (published by Microsoft on March 31, 2026), allows an attacker to cause an unspecified security issue. Organizations using affected versions should apply the vendor patch updating to version 10.5.0-2.

View original document View source feed page

What changed

CERT-FR has issued a security advisory regarding CVE-2026-5107, a vulnerability in Microsoft Azure Linux's frr routing package version 10.5.0-1. The vulnerability allows an attacker to cause an unspecified security issue, though the risk level has not been specified by Microsoft. The affected package is frr 10.5.0-1 on Azure Linux azl3.

Organizations running Azure Linux azl3 with frr package versions prior to 10.5.0-2 should immediately consult Microsoft's security bulletin and apply the available patch to upgrade to version 10.5.0-2. No compliance deadline or penalty information is specified in this advisory. Security teams should reference Microsoft's CVE-2026-5107 page for patch availability and implementation guidance.

What to do next

  1. Review Azure Linux azl3 systems for frr package versions
  2. Apply Microsoft patch to upgrade frr to version 10.5.0-2
  3. Monitor Microsoft's CVE-2026-5107 security bulletin for additional guidance

Archived snapshot

Apr 2, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 02 avril 2026 N° CERTFR-2026-AVI-0389 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Vulnérabilité dans Microsoft Azure Linux

Gestion du document

| Référence | CERTFR-2026-AVI-0389 |
| Titre | Vulnérabilité dans Microsoft Azure Linux |
| Date de la première version | 02 avril 2026 |
| Date de la dernière version | 02 avril 2026 |
| Source(s) | Bulletin de sécurité Microsoft CVE-2026-5107 du 31 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Non spécifié par l'éditeur

Systèmes affectés

  • azl3 frr 10.5.0-1 versions antérieures à 10.5.0-2

Résumé

Une vulnérabilité a été découverte dans Microsoft Azure Linux. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 02 avril 2026 Version initiale

Named provisions

Risque Systèmes affectés Résumé Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Multiple Schneider Electric Vulnerabilities, Data Integrity and Confidentiality Risk
Priority review Apr 14, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Python CPython Remote Denial of Service Vulnerability
Routine Apr 15, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Critical Adobe Acrobat Vulnerability CVE-2026-34621 Actively Exploited
Urgent Apr 13, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CERT-FR
Published
April 2nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0389

Who this affects

Applies to
Technology companies Government agencies Public companies
Industry sector
5112 Software & Technology 5182 Data Processing & Hosting 9211 Government & Public Administration
Activity scope
Vulnerability Management Patch Management System Security
Threshold
azl3 frr 10.5.0-1 versions antérieures à 10.5.0-2
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF NERC CIP
Topics
Data Privacy Critical Infrastructure

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 319 Consumer Protection 48 Courts & Legal 361 Data Privacy & Cybersecurity 77 Defense & National Security 51 Education 24 Energy 100 Environment 86 Environmental & Energy 17 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 278 Government Operations 98 Healthcare 134 Healthcare & Life Sciences 12 Housing 16 Immigration 8 Immigration & Border Control 2 Insurance 58 Labor & Employment 115 Legal & Judicial 16 Pharma & Drug Safety 101 Pharma & Healthcare 1 Public Health 2 Real Estate & Housing 32 Sanctions & Export Controls 1 Securities & Investments 15 Securities & Markets 103 Securities Regulation 6 Tax 65 Tax & Revenue 8 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 63

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!