FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Routinator -- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected packages
routinator < 0.15.2

Details

VuXML ID e7be3859-6a58-11f1-bf61-3c7c3fba4204
Discovery 2026-06-08
Entry 2026-06-17

https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49233.txt reports:

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.

Thanks to X41 D-Sec GmbH for reporting the vulnerability.

[source]

References

CVE Name CVE-2026-49233
URL https://cveawg.mitre.org/api/cve/CVE-2026-49233

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.