cvedb.io
CVE-2026-49233
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-06-08T15:16:47.693 · Last modified 2026-06-17T10:55:36.250

Summary

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.

Affected products

nlnetlabs — routinator

Does this affect you?

Add your gear to cvedb and we'll alert you only when nlnetlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.