CVE-2026-49232
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
Routinator exits on any error when accepting incoming HTTP or RTR connections, including recoverable errors like running out of file descriptors. This condition can be maliciously triggered by an attacker by opening a large number of connections to the HTTP or RTR server.
Risk Assessment
This vulnerability affects users who make their HTTP or RTR server available to untrusted networks, potentially leading to service disruption.
Recommendation
It is recommended to restrict access to the HTTP or RTR server to trusted networks and to monitor the number of active connections to prevent attacks.
Original NVD description (English source)
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affects users that make their HTTP or RTR server available to untrusted networks.

