{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49232", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2026-05-28T08:28:56.664Z", "datePublished": "2026-06-08T12:58:37.695Z", "dateUpdated": "2026-06-08T15:38:10.504Z"}, "containers": {"cna": {"title": "Routinator exits when accepting an incoming HTTP or RTR connection fails", "datePublic": "2026-06-08T00:00:00.000Z", "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"version": "0.15.2", "status": "unaffected", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.\n\nThis only affects users that make their HTTP or RTR server available to untrusted networks."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "type": "CWE"}]}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.15.2 and all later versions."}], "timeline": [{"time": "2026-03-28T00:00:00.000Z", "lang": "en", "value": "Issue reported"}, {"time": "2026-06-08T00:00:00.000Z", "lang": "en", "value": "Fixes released"}], "credits": [{"lang": "en", "value": "X41 D-Sec GmbH", "type": "finder"}], "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-06-08T12:58:37.695Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T15:38:04.659833Z", "id": "CVE-2026-49232", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T15:38:10.504Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-49232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-08T15:38:04.659833Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T15:38:07.264Z"}}], "cna": {"title": "Routinator exits when accepting an incoming HTTP or RTR connection fails", "credits": [{"lang": "en", "type": "finder", "value": "X41 D-Sec GmbH"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"status": "unaffected", "version": "0.15.2", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-28T00:00:00.000Z", "value": "Issue reported"}, {"lang": "en", "time": "2026-06-08T00:00:00.000Z", "value": "Fixes released"}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.15.2 and all later versions."}], "datePublic": "2026-06-08T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.\n\nThis only affects users that make their HTTP or RTR server available to untrusted networks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-06-08T12:58:37.695Z"}}}, "cveMetadata": {"cveId": "CVE-2026-49232", "state": "PUBLISHED", "dateUpdated": "2026-06-08T15:38:10.504Z", "dateReserved": "2026-05-28T08:28:56.664Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2026-06-08T12:58:37.695Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.\n\nThis only affects users that make their HTTP or RTR server available to untrusted networks."}], "id": "CVE-2026-49232", "lastModified": "2026-06-09T15:20:23.743", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}, "published": "2026-06-08T15:16:47.293", "references": [{"source": "sep@nlnetlabs.nl", "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0.15.2,*]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Routinator", "source": "cna", "vendor": "NLnet Labs"}, "product": "routinator", "vendor": "nlnetlabs"}], "created": "2026-06-08T15:30:27.233958+00:00", "updated": "2026-06-08T16:00:14.482871+00:00", "vendors": ["nlnetlabs", "nlnetlabs$PRODUCT$routinator"]}