CVE-2026-49233

HIGH(7.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score24/100 — NIEDRIG

CVSS 7.5 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.5

Technische Schwere

Beschreibung

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.

GitHub Advisories

GHSA-33mj-99mg-8g73HIGH

Routinator has cache path traversal when processing the module component of rsync URIs

rust/routinator→ 0.15.2

GitHub Advisory

Referenzen

https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49233.txt