Routinator 0.15.2 ‘Irgendwas ist immer’ released

We are pleased to announce the latest release of Routinator, version 0.15.2 ‘Irgendwas ist immer.’

Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow.

This release fixes a number of issues discovered during a security audit of Routinator performed earlier this year by X41 D-Sec which was kindly financed by Sovereign Tech Agency.

The security issues primarily are crashes when certain input data is encountered, there is, however, also a potential path traversal issue that would allow a malicious actor to manipulate the cached RPKI data. For four of these issues we have assigned CVEs, namely CVE-2026-49232 to CVE-2026-49235.

For a full list of changes, please refer to the release notes.

Related links:

• Routinator Github repository
• Routinator Documentation
• NLnet Labs RPKI Tools

software update