CVE Catalog

CVE-2026-49234

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

20th percentile - higher than 20% of all known CVEs

Summary

CVE-2026-49234 vulnerability causes Routinator to crash when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the /api/v1/origins endpoint.

Risk Assessment

The risk affects users who allow API access from untrusted networks, potentially leading to service downtime.

Recommendation

It is recommended to restrict API access to trusted networks only and to monitor logs for potential exploitation attempts.

Original NVD description (English source)

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS