Routinator
by Routinator
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49234 | Hig | 0.53 | — | — | Jun 8, 2026 | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks. | ||
| CVE-2026-49235 | Hig | 0.50 | — | — | Jun 8, 2026 | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. | ||
| CVE-2026-49232 | Hig | 0.50 | — | — | Jun 8, 2026 | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR… | ||
| CVE-2026-49233 | Hig | 0.47 | — | — | Jun 8, 2026 | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator… |
- risk 0.53cvss —epss —
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
- risk 0.50cvss —epss —
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
- risk 0.50cvss —epss —
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR…
- risk 0.47cvss —epss —
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator…