CVE-2026-49232

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
08/06/2026
Last modified:
09/06/2026

Description

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.<br /> <br /> This only affects users that make their HTTP or RTR server available to untrusted networks.

References to Advisories, Solutions, and Tools