CVE-2026-49233

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 08, 2026

Vendor unknown

Description

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.

References

https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49233.txt