CVE Catalog

CVE-2026-49232

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Routinator exits on any error when accepting incoming HTTP or RTR connections, including recoverable errors like running out of file descriptors. This condition can be maliciously triggered by an attacker by opening a large number of connections to the HTTP or RTR server.

Risk Assessment

This vulnerability affects users who make their HTTP or RTR server available to untrusted networks, potentially leading to service disruption.

Recommendation

It is recommended to restrict access to the HTTP or RTR server to trusted networks and to monitor the number of active connections to prevent attacks.

Original NVD description (English source)

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affects users that make their HTTP or RTR server available to untrusted networks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS