Routinator crashes on specifically crafted ASN strings in the API
CVE-2026-49234

8.2HIGH

Key Information:

What is CVE-2026-49234?

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes.

This only affects users who allow API access from untrusted networks.

Routinator 0.15.2

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

X41 D-Sec GmbH

CVE-2026-49234 Data