Vulnerability Details CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. A module name containing ".." therefore allows path traversal, potentially providing an attacker access to the entire Routinator rsync cache.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-49233
- cpe:2.3:a:nlnetlabs:routinator:-
- cpe:2.3:a:nlnetlabs:routinator:0.1.0
- cpe:2.3:a:nlnetlabs:routinator:0.1.1
- cpe:2.3:a:nlnetlabs:routinator:0.1.2
- cpe:2.3:a:nlnetlabs:routinator:0.10.0
- cpe:2.3:a:nlnetlabs:routinator:0.10.1
- cpe:2.3:a:nlnetlabs:routinator:0.10.2
- cpe:2.3:a:nlnetlabs:routinator:0.12.1
- cpe:2.3:a:nlnetlabs:routinator:0.12.2
- cpe:2.3:a:nlnetlabs:routinator:0.13.0
- cpe:2.3:a:nlnetlabs:routinator:0.13.1
- cpe:2.3:a:nlnetlabs:routinator:0.13.2
- cpe:2.3:a:nlnetlabs:routinator:0.14.0
- cpe:2.3:a:nlnetlabs:routinator:0.14.1
- cpe:2.3:a:nlnetlabs:routinator:0.14.2
- cpe:2.3:a:nlnetlabs:routinator:0.15.0
- cpe:2.3:a:nlnetlabs:routinator:0.15.1
- cpe:2.3:a:nlnetlabs:routinator:0.2.0
- cpe:2.3:a:nlnetlabs:routinator:0.2.1
- cpe:2.3:a:nlnetlabs:routinator:0.3.0
- cpe:2.3:a:nlnetlabs:routinator:0.3.1
- cpe:2.3:a:nlnetlabs:routinator:0.3.2
- cpe:2.3:a:nlnetlabs:routinator:0.3.3
- cpe:2.3:a:nlnetlabs:routinator:0.4.0
- cpe:2.3:a:nlnetlabs:routinator:0.5.0
- cpe:2.3:a:nlnetlabs:routinator:0.6.0
- cpe:2.3:a:nlnetlabs:routinator:0.6.1
- cpe:2.3:a:nlnetlabs:routinator:0.6.2
- cpe:2.3:a:nlnetlabs:routinator:0.6.3
- cpe:2.3:a:nlnetlabs:routinator:0.6.4
- cpe:2.3:a:nlnetlabs:routinator:0.7.0
- cpe:2.3:a:nlnetlabs:routinator:0.7.1
- cpe:2.3:a:nlnetlabs:routinator:0.8.0
- cpe:2.3:a:nlnetlabs:routinator:0.8.1
- cpe:2.3:a:nlnetlabs:routinator:0.8.2
- cpe:2.3:a:nlnetlabs:routinator:0.8.3
- cpe:2.3:a:nlnetlabs:routinator:0.9.0