CVE-2026-49235: Routinator crashes when encountering maliciously crafted RRDP XML files

June 8, 2026 (updated June 12, 2026)

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.

References

github.com/NLnetLabs/routinator/releases/tag/v0.15.2
github.com/advisories/GHSA-5qf9-cf9c-hjc6
nvd.nist.gov/vuln/detail/CVE-2026-49235
www.nlnetlabs.nl/downloads/routinator/CVE-2026-49235.txt

Code Behaviors & Features

Detect and mitigate CVE-2026-49235 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →