CVE 8.7 HIGH

Routinator exits when accepting an incoming HTTP or RTR connection fails_CVE-2026-49232

June 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Description

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.

This only affects users that make their HTTP or RTR server available to untrusted networks.

AI Analysis

Routinator exits on any error when accepting incoming HTTP or RTR connections, potentially triggered by an attacker opening a large number of connections

Basic Information

ID CVE-2026-49232

Source NLnet Labs

Published Jun 8, 2026 at 12:58

Modified Jun 8, 2026 at 15:38

Affected Product

Vendor NLnet Labs

Product Routinator

Version 0.15.2

CWE Classification

CWE-755

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor NLnet Labs

Product Routinator

Version 0.15.2

References

www.nlnetlabs.nl /downloads/routinator/CVE-2026-49232.txt

{
    "lastseen": "",
    "description": "Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.\n\nThis only affects users that make their HTTP or RTR server available to untrusted networks.",
    "published": "2026-06-08T12:58:37.695Z",
    "modified": "2026-06-08T15:38:10.504Z",
    "type": "cve",
    "title": "Routinator exits when accepting an incoming HTTP or RTR connection fails",
    "source": "NLnet Labs",
    "references": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt",
    "id": "CVE-2026-49232",
    "bulletinFamily": "",
    "cwe": [
        "CWE-755"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Routinator",
    "version": "0.15.2",
    "vendor": "NLnet Labs",
    "ai_description": "Routinator exits on any error when accepting incoming HTTP or RTR connections, potentially triggered by an attacker opening a large number of connections",
    "ai_severity": "High",
    "ai_vendor": "NLnet Labs",
    "ai_product": "Routinator",
    "ai_version": "0.15.2",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply