PatchSiren cyber security CVE debrief
CVE-2026-49232 NLnet Labs CVE debrief
CVE-2026-49232 is a high-severity vulnerability in Routinator, software used for RPKI-based BGP route validation. It has a CVSS score of 8.7 and can cause a denial of service (DoS) condition when Routinator accepts incoming HTTP or RTR connections. While accepting connections, the software exits on any error, including ones it can recover from, such as running out of file descriptors. An attacker can trigger this condition by opening a large number of connections to the HTTP or RTR server. This vulnerability only affects users who make their HTTP or RTR server available to untrusted networks.
- Vendor: NLnet Labs
- Product: Routinator
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Users who make their HTTP or RTR server available to untrusted networks should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
CVE-2026-49232 is a denial of service vulnerability in Routinator that can be triggered by an attacker opening a large number of connections to the HTTP or RTR server. The vulnerability has a CVSS score of 8.7 and is considered high-severity.
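The failure mode in the summary (exiting on every accept error, including descriptor exhaustion) comes down to how an accept loop classifies errors. The following is an added example, not Routinator's code or the NLnet Labs fix: `classify_accept_error`, `run_accept_loop` and `AcceptAction` are hypothetical names, the errno numbers assume Linux, and the accept results are constructed.

```rust
use std::io::{self, ErrorKind};
use std::time::Duration;

// Linux errno values (assumption: Linux target): ENOMEM, ENFILE, EMFILE, ENOBUFS.
const EXHAUSTION: [i32; 4] = [12, 23, 24, 105];

#[derive(Debug, PartialEq)]
enum AcceptAction {
    Retry,             // one connection attempt failed: accept again at once
    Backoff(Duration), // resource exhaustion: pause, then accept again
    Fatal,             // anything else: the listener itself is unusable
}

/// Hypothetical policy for a failed accept(); `streak` counts consecutive exhaustion errors.
fn classify_accept_error(err: &io::Error, streak: u32) -> AcceptAction {
    if err.raw_os_error().map_or(false, |code| EXHAUSTION.contains(&code)) {
        let ms = (50u64 << streak.min(5)).min(1000); // 50, 100, 200, ... capped at 1 s
        return AcceptAction::Backoff(Duration::from_millis(ms));
    }
    match err.kind() {
        ErrorKind::ConnectionAborted | ErrorKind::ConnectionReset
        | ErrorKind::Interrupted | ErrorKind::WouldBlock => AcceptAction::Retry,
        _ => AcceptAction::Fatal,
    }
}

/// Replays constructed accept() results; returns (served, total backoff, exited fatally).
fn run_accept_loop(results: Vec<io::Result<u32>>) -> (usize, Duration, bool) {
    let (mut served, mut waited, mut streak) = (0usize, Duration::ZERO, 0u32);
    for result in results {
        let err = match result {
            Ok(_conn) => { served += 1; streak = 0; continue; }
            Err(e) => e,
        };
        match classify_accept_error(&err, streak) {
            AcceptAction::Retry => {}
            // A real loop would sleep for `d` here instead of summing it.
            AcceptAction::Backoff(d) => { waited += d; streak += 1; }
            AcceptAction::Fatal => return (served, waited, true),
        }
    }
    (served, waited, false)
}

fn main() {
    // Constructed sample: two EMFILE (24) errors between two served connections.
    let e = || -> io::Result<u32> { Err(io::Error::from_raw_os_error(24)) };
    println!("{:?}", run_accept_loop(vec![Ok(1), e(), e(), Ok(2)]));
}
```

With this policy a burst of connections that exhausts descriptors delays new accepts but leaves the process running, while an error on the listener itself still stops the loop.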
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Limit access to the HTTP or RTR server to trusted networks only.
- Monitor server resources and implement rate limiting to prevent abuse.
Evidence notes
The vulnerability was reported by [email protected] and is documented in CVE-2026-49232.txt [ref-4].
Official resources
- CVE-2026-49232 CVE record (CVE.org)
- CVE-2026-49232 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-49232 was published on 2026-06-08T15:16:47.293Z and modified on 2026-06-09T15:20:23.743Z.