Every CVE whose affected-product data names Nlnetlabs Routinator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-39916 — CVSS 9.3 (critical): NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal…
CVE-2021-41531 — CVSS 7.5 (high): NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a…
CVE-2021-43172 — CVSS 7.5 (high): NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a…
CVE-2021-43173 — CVSS 7.5 (high): In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly…
CVE-2021-43174 — CVSS 7.5 (high): NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This…
CVE-2022-3029 — CVSS 7.5 (high): In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that…
CVE-2023-39915 — CVSS 7.5 (high): NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to…
CVE-2024-1622 — CVSS 7.5 (high): Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after…
CVE-2026-49233 — CVSS 7.5 (high): Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator…
CVE-2026-49234 — CVSS 7.5 (high): When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes…
CVE-2026-49235 — CVSS 7.5 (high): When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2020-17366 — CVSS 7.4 (high): An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or…