By vendor
Nlnetlabs vulnerabilities
Known CVEs affecting Nlnetlabs products, prioritized by severity, with SEC.co remediation and detection guidance.
3 published vulnerabilities
- CVE-2026-49233HIGH 7.5
Routinator, a critical tool for validating BGP route origins, contains a path traversal vulnerability in how it processes rsync module names. An attacker can craft a malicious rsync URI with directory traversal sequences (like ..) in the module component, allowing unauthorized access to files outside the intended cache directory. This could expose the entire rsync cache to an unauthenticated attacker over the network.
- CVE-2026-49234HIGH 7.5
Routinator, an open-source RPKI relying party software maintained by NLnet Labs, crashes when it receives a malformed (non-UTF-8 encoded) query parameter in API requests. An attacker sending a specially crafted string to the /api/v1/origins endpoint can trigger a denial-of-service condition that takes the service offline. The vulnerability only affects deployments that expose the Routinator API to untrusted networks without additional access controls.
- CVE-2026-49235HIGH 7.5
Routinator, a RPKI validator from NLnet Labs, crashes when processing specially crafted XML files delivered through the RRDP protocol. An attacker can trigger this denial-of-service condition remotely without authentication, making the service unavailable to legitimate users who depend on it for RPKI validation.