Routinator Path Traversal Vulnerability via Malicious Rsync URIs

Vulnerability

A path traversal vulnerability has been identified in Routinator versions up to and including 0.15.1. Routinator fails to properly validate the module component of rsync URIs, and these URIs are used to generate file system paths for the Routinator cache. As a result, an attacker could craft a module name containing '..' to traverse directories, potentially gaining access to the entire Routinator rsync cache.
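The check that closes this class of bug can be shown in a few lines of Rust. This is an added example, not Routinator's code and not part of the original advisory; the function names, the cache layout `<cache_root>/<authority>/<module>/<path>`, the host name and the cache root are all assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

// Hypothetical helper (assumption): true if `s` can be used as exactly one
// directory or file name, i.e. it cannot move up or across the tree.
fn is_safe_segment(s: &str) -> bool {
    !s.is_empty() && s != "." && s != ".."
        && !s.contains(|c: char| matches!(c, '/' | '\\' | '\0'))
}

// Hypothetical mapping from an rsync URI to a path below `cache_root`.
// Assumed layout: <cache_root>/<authority>/<module>/<path...>.
// Segments are compared as received; a caller that percent-decodes must
// decode before calling this function, not after.
fn cache_path(cache_root: &Path, uri: &str) -> Result<PathBuf, String> {
    let rest = uri.strip_prefix("rsync://").ok_or("not an rsync URI")?;
    let mut parts = rest.splitn(3, '/');
    let authority = parts.next().unwrap_or("");
    let module = parts.next().unwrap_or("");
    let path = parts.next().unwrap_or("");

    if !is_safe_segment(authority) {
        return Err(format!("rejected authority {:?}", authority));
    }
    // The module is the component the advisory says went unvalidated.
    if !is_safe_segment(module) {
        return Err(format!("rejected module {:?}", module));
    }
    let mut out = cache_root.join(authority).join(module);
    for seg in path.split('/').filter(|s| !s.is_empty()) {
        if !is_safe_segment(seg) {
            return Err(format!("rejected path segment {:?}", seg));
        }
        out.push(seg);
    }
    Ok(out)
}

fn main() {
    let root = Path::new("/var/cache/rpki/rsync"); // constructed cache root
    // Constructed sample URIs: one ordinary, one with '..' as the module.
    for uri in [
        "rsync://rpki.example.net/repo/ca/cert.cer",
        "rsync://rpki.example.net/../other-host/repo/cert.cer",
    ] {
        println!("{} -> {:?}", uri, cache_path(root, uri));
    }
}
```

Validating each component before it is joined keeps the result under the per-host, per-module directory without relying on later canonicalization of a path that may not exist yet.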

Impact

Exploitation of this vulnerability could lead to unauthorized access to the Routinator rsync cache, allowing an attacker to manipulate or retrieve cached data.

Remediation

Users are advised to upgrade to Routinator version 0.15.2 or later.

Added: Jun 8, 2026, 3:25 PM
Updated: Jun 8, 2026, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 0.6
exploitability: 7.0
remediation: 7.7
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.