Detections
Analytics

FreeBSD : Routinator -- CWE-755 Improper Handling of Exceptional Conditions (b1c6c691-6a57-11f1-bf61-3c7c3fba4204)

high Nessus Plugin ID 321615

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b1c6c691-6a57-11f1-bf61-3c7c3fba4204 advisory.

 https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt reports:
 Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server.

 This only affects users that make their HTTP or RTR server available to untrusted networks.
 Thanks to X41 D-Sec GmbH for reporting the vulnerability.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cveawg.mitre.org/api/cve/CVE-2026-49232

http://www.nessus.org/u?dd98dcd5

Plugin Details

Severity: High

ID: 321615

File Name: freebsd_pkg_b1c6c6916a5711f1bf613c7c3fba4204.nasl

Version: 1.1

Type: Local

Published: 6/20/2026

Updated: 6/20/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2026-49232

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 6.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:routinator, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2026

Vulnerability Publication Date: 6/8/2026

Reference Information

CVE: CVE-2026-49232