CVE-2026-49235
HIGHDescription
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nlnetlabs | routinator |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-49235? +
How severe is CVE-2026-49235? +
What products are affected by CVE-2026-49235? +
How do I check if I'm vulnerable to CVE-2026-49235? +
Related Vulnerabilities
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability …
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as …