CVE-2026-49234

UNKNOWN 0.0

Routinator crashes on specifically crafted ASN strings in the API

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.

CWE	CWE-20
Vendor	nlnet labs
Product	routinator
Published	Jun 8, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for nlnet labs routinator

Be the first to know when new unknown vulnerabilities affecting nlnet labs routinator are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NLnet Labs / Routinator

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

nlnetlabs.nl: https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49234.txt

Credits

X41 D-Sec GmbH