CVE-2026-49234
Description
Routinator crashes when processing malformed ASN strings via its API, affecting users with untrusted network API access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Routinator crashes when processing malformed ASN strings via its API, affecting users with untrusted network API access.
Vulnerability
Routinator versions up to and including 0.15.1 are vulnerable to a crash when the /api/v1/origins endpoint receives a specifically crafted non-UTF-8 string as the select-asn query parameter. This vulnerability is only exploitable by users who permit API access from untrusted networks [1].
Exploitation
An attacker must have network access to the Routinator API endpoint and be able to send a crafted HTTP request. The attacker needs to send a request to /api/v1/origins with a select-asn query parameter containing a non-UTF-8 string, which triggers the crash [1].
Impact
Successful exploitation of this vulnerability causes the Routinator service to crash. This results in a denial-of-service condition, disrupting the normal operation of the service. The scope of the impact is limited to the Routinator instance itself [1].
Mitigation
Routinator version 0.15.2 and later contain a fix for this vulnerability. Users are advised to upgrade to Routinator 0.15.2 or a later version. The release date for the fixed version is not specified in the available references [1].
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.