CVE-2026-48684 - Vulnerability Details

Description

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.

Published: 2026-05-26

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

FastNetMon Community Edition versions up to 1.2.9 contain a flaw in the NetFlow v9 options template parser that allows an attacker to read data beyond the bounds of a UDP packet. The parser loops over option scopes and values without validating the lengths, enabling a crafted packet to trigger memory over‑reads. An attacker may be able to disclose contents of memory adjacent to the packet buffer, potentially exposing sensitive data within the running system. The vulnerability is a classic buffer over‑read, classified by CWE-125.

Affected Systems

Systems running FastNetMon Community Edition before version 1.3.0 are vulnerable, specifically collectors that accept NetFlow v9 traffic over UDP. This includes any deployment that uses the default configuration for NetFlow v9 processing. Users should verify the exact version; versions 1.2.9 and earlier are affected.

Risk and Exploitability

No CVSS score is currently assigned and the EPSS score is not available, so the quantified risk level is unclear. However the vulnerability is remotely exploitable over the network using crafted UDP packets and can be triggered without user interaction. The lack of an official CISA KEV listing does not diminish the potential for abuse in environments that use NetFlow v9. Organizations should treat this as a medium‑to‑high risk until an official fix is released. The exploitation complexity appears low for an attacker who can send traffic to the collector’s UDP port.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Pavel-odintsov

Fastnetmon

80%

Version	Status	Scheme	Platform
`[0,1.2.9]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade FastNetMon to a version newer than 1.2.9 that incorporates the NetFlow v9 options parsing fix.
If an upgrade is not immediately possible, restrict inbound NetFlow v9 traffic to trusted sources or block the UDP port used by FastNetMon with a firewall.
Optionally disable NetFlow v9 processing in the FastNetMon configuration until a patch becomes available.

Generated by OpenCVE AI on May 26, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/pavel-odintsov/fastnetmon
https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48684-netflow-v9-options-oob

History

Tue, 26 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		FastNetMon NetFlow v9 Options Out-Of-Bounds Read
First Time appeared		Pavel-odintsov Pavel-odintsov fastnetmon
Weaknesses		CWE-125
Vendors & Products		Pavel-odintsov Pavel-odintsov fastnetmon

Tue, 26 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.
References		https://github.com/pavel-odintsov/fastnetmon https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48684-netflow-v9-options-oob

Subscriptions

Pavel-odintsov Fastnetmon

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-26T00:00:00.000Z

Updated: 2026-05-26T15:10:57.496Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48684

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-26T16:16:26.440

Modified: 2026-05-26T16:16:26.440

Link: CVE-2026-48684

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T16:30:10Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object