FRRouting Vulnerability Allows Remote Data Manipulation
Summary
CERT-Bund issued a security advisory disclosing a medium-severity vulnerability (CVSS 4.2) in FRRouting Project FRRouting versions up to and including 10.5.1. A remote, authenticated attacker can exploit this flaw to manipulate data on affected systems. Mitigations are available; organizations using FRRouting on Linux or UNIX platforms are advised to apply them promptly.
What changed
CERT-Bund published advisory WID-SEC-2026-0914 detailing a data manipulation vulnerability in FRRouting, a widely used open-source Internet routing protocol suite for Linux and UNIX. The flaw carries a CVSS Base Score of 4.2 (Medium) and a Temporal Score of 3.7 (Low). Affected product: FRRouting Project FRRouting <=10.5.1. The vulnerability enables a remote, authenticated attacker to manipulate data on affected systems. A mitigation has been confirmed available by the vendor.
Organizations running FRRouting on Linux or UNIX must immediately inventory their deployments for affected versions (10.5.1 and earlier), apply the provided mitigations, and monitor for forthcoming patches. Priority should be given to systems exposed to untrusted network segments, as the attack requires authentication but can be executed remotely. No specific compliance deadline or penalty is stated in the advisory.
What to do next
- Inventory all FRRouting deployments to identify systems running version 10.5.1 or earlier on Linux and UNIX platforms.
- Apply available mitigations to affected FRRouting installations without delay, prioritizing internet-facing routing infrastructure.
- Monitor for vendor-issued patches and update to a patched version once released.
Archived snapshot
Mar 30, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0914] FRRouting Project FRRouting: Schwachstelle ermöglicht Manipulation von Daten CVSS Base Score 4.2 (mittel) CVSS Temporal Score 3.7 (niedrig) Remoteangriff ja Datum 29.03.2026 Stand 30.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- UNIX
Produktbeschreibung
FRRouting (FRR) ist eine freie und quelloffene Internet-Routing-Protokollsuite für Linux- und Unix-Plattformen. Es implementiert BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric und VRRP, mit Alpha-Unterstützung für EIGRP und NHRP.
Produkte
29.03.2026
- FRRouting Project FRRouting <=10.5.1
Angriff
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in FRRouting Project FRRouting ausnutzen, um Daten zu manipulieren. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.