CVE-2026-49233EPSS p34.5%

CVE-2026-49233CVE-2026-49233

nlnetlabs / routinator

Description

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS0.43% probability of exploitation · percentile 34.5% · 2026-06-19T12:03:05Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-49235
CVE
CVE-2026-49232
CVE
CVE-2025-57790
CVE
CVE-2025-62630
CVE
CVE-2026-22907
CVE
CVE-2026-36500
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.