CVE-2026-49234
HIGH WAF: Medium
CVSS 7.5
Published: 2026-06-08
CWE-20
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nlnetlabs | routinator | up to 0.15.2 |
References
- www.nlnetlabs.nl (Vendor Advisory)