The CVE number for this vulnerability is CVE-2026-49234.

== Summary
Routinator crashes on specifically crafted ASN strings in the API

== Affected products
Routinator up to and including 0.15.1.

== Description
When sending a specifically crafted non-UTF-8 string as select-asn query
parameter to the /api/v1/origins endpoint, Routinator crashes. 

This only affects users who allow API access from untrusted networks.

== Solution
Install Routinator 0.15.2 or later.

== Acknowledgments
We would like to thank X41 D-Sec GmbH for finding the vulnerability.