CVE-2026-49232
Routinator Exits on HTTP or RTR Connection Errors

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: NLnet Labs

Description
Routinator exits on any error when accepting incoming HTTP or RTR connections, including errors it can recover from, such as running out of file descriptors. An attacker can trigger this condition by opening a large number of connections to the HTTP or RTR server. This only affects users who make their HTTP or RTR server available to untrusted networks.
Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| nlnetlabs | routinator | up to 0.15.1 (inclusive) |
| nlnetlabs | routinator | 0.15.2 |

| CWE ID | Description |
|---|---|
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |

Executive Summary

CVE-2026-49232 is a vulnerability in Routinator versions up to and including 0.15.1 where the software exits whenever it encounters any error while accepting incoming HTTP or RTR connections. This includes errors that it could normally recover from, such as running out of file descriptors.

An attacker can exploit this vulnerability by opening a large number of connections to the HTTP or RTR server, causing Routinator to terminate unexpectedly.

This issue only affects users who make their HTTP or RTR server accessible to untrusted networks.

Impact Analysis

The vulnerability can cause Routinator to exit unexpectedly when under attack, leading to denial of service.

If you expose your HTTP or RTR server to untrusted networks, an attacker could exploit this by opening many connections, causing service disruption.

This could result in downtime or unavailability of the Routinator service, impacting any dependent systems or users.

Detection Guidance

This vulnerability can be detected by monitoring the Routinator service for unexpected exits or crashes when handling incoming HTTP or RTR connections.

Additionally, observing a large number of simultaneous connections to the HTTP or RTR server from untrusted sources may indicate an attempted exploitation.

Specific commands to help detect this condition include checking Routinator process status and logs, for example:

  • Use system process monitoring commands like `ps aux | grep routinator` to check if the Routinator process is running.
  • Check Routinator logs for error messages or unexpected shutdowns, e.g., `tail -f /var/log/routinator.log`.
  • Monitor network connections to the HTTP or RTR ports using commands like `netstat -anp | grep <routinator_port>` or `ss -s`.
  • Use tools like `lsof` to check for file descriptor usage, e.g., `lsof -p <routinator_pid>` to see if the process is running out of file descriptors.
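
The file-descriptor check from the list above, as an added example (not part of the original page or the Routinator project): a shell script for Linux that compares a process's open descriptors with its soft `Max open files` limit. The function names, the `PROC_ROOT` override and the 80% default threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example, Linux only. Usage (script name is hypothetical):
#   sh fdcheck.sh $(pgrep -x routinator)
# PROC_ROOT can be overridden to test against a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Open descriptors = number of entries in /proc/<pid>/fd (needs same user or root).
fd_count() {
    [ -r "$PROC_ROOT/$1/fd" ] || return 1
    ls -A "$PROC_ROOT/$1/fd" | wc -l | tr -d ' '
}

# Soft limit: 4th field of the "Max open files" row in /proc/<pid>/limits.
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits" 2>/dev/null
}

# Integer percentage of the soft limit currently in use.
fd_usage_pct() {
    used=$(fd_count "$1") || return 1
    limit=$(fd_soft_limit "$1")
    case "$limit" in
        ''|*[!0-9]*) return 1 ;;    # "unlimited" or unreadable
    esac
    [ "$limit" -gt 0 ] || return 1
    echo $(( used * 100 / limit ))
}

# check_fd_pressure <pid> [threshold-percent]
# Returns 0 below threshold, 1 at or above it, 2 if usage cannot be measured.
check_fd_pressure() {
    pct=$(fd_usage_pct "$1") || { echo "pid $1: fd usage not measurable"; return 2; }
    if [ "$pct" -ge "${2:-80}" ]; then
        echo "WARN pid $1: ${pct}% of open-file limit in use"
        return 1
    fi
    echo "OK pid $1: ${pct}% of open-file limit in use"
}

# Check every PID given on the command line.
for pid in "$@"; do
    check_fd_pressure "$pid" || true
done
```

Run from cron or a monitoring agent, a `WARN` line gives notice that the process is approaching descriptor exhaustion, the recoverable error that makes affected versions exit.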

Mitigation Strategies

The immediate and recommended mitigation step is to upgrade Routinator to version 0.15.2 or later, where this issue is fixed.

Additionally, restrict access to the HTTP or RTR server by not exposing it to untrusted networks to reduce the risk of exploitation.

Implement network-level protections such as firewalls or rate limiting to prevent an attacker from opening a large number of connections.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
