The CVE number for this vulnerability is CVE-2026-49232.

== Summary
Routinator exits when accepting an incoming HTTP or RTR connection fails

== Affected products
Routinator up to and including 0.15.1.

== Description
Routinator exits on any error when accepting incoming HTTP or RTR connections,
including ones it can recover from such as running out of file descriptors.
This condition can be triggered maliciously by an attacker by opening a large
number of connections to the HTTP or RTR server.

This only affects users that make their HTTP or RTR server available to 
untrusted networks.

== Solution
Install Routinator 0.15.2 or later.

== Acknowledgments
We would like to thank X41 D-Sec GmbH for finding the vulnerability.