8.2
CVE-2026-49234
- EPSS 0.26%
- Veröffentlicht 08.06.2026 12:58:58
- Zuletzt bearbeitet 12.06.2026 01:28:23
- Quelle sep@nlnetlabs.nl
- CVE-Watchlists
- Unerledigt
Routinator crashes on specifically crafted ASN strings in the API
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nlnetlabs ≫ Routinator Version < 0.15.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.17 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| sep@nlnetlabs.nl | 8.2 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49234.txt