CVE-2026-48696 - Vulnerability Details

- Buffer Overflow in FastNetMon Community Edition Exposes Remote Code Execution Risk

Description

FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.

Published: 2026-05-26

Score: 6.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

FastNetMon Community Edition through version 1.2.9 contains a buffer overflow vulnerability that, if exploited, could allow execution of arbitrary code on the host. The flaw arises in the handling of data by the ExaBGP module, a type of buffer overflow described by CWE-120. The description states the vulnerability exists, and yet the exact exploit path is not fully disclosed in the official CVE entry, so the potential impact is inferred from the nature of the vulnerability.

Affected Systems

Open‑source deployments of FastNetMon Community Edition at or below version 1.2.9 are affected. Because the source code is hosted on GitHub, any installation of these versions in a network monitoring environment should be evaluated; there is no vendor‑specific distribution listed.

Risk and Exploitability

With a CVSS score of 6.2 the vulnerability is considered medium to high severity, and its EPSS score is not available. The CVE’s references and the description of an ExaBGP module imply that the overflow could be triggered remotely by sending crafted network messages to the FastNetMon process. No indication exists that the issue is catalogued in CISA’s KEV, so it is not known to be actively exploited in the wild.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*

No data.

Vendor Product Confidence Versions

Pavel-odintsov

Fastnetmon

80%

Version	Status	Scheme	Platform
`[0,1.2.9]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Identify FastNetMon Community Edition installations and confirm the exact version; any instance running 1.2.9 or earlier is affected.
If a newer release that addresses the buffer overflow is available, upgrade FastNetMon to that version.
Until an upgrade can occur, limit inbound traffic to the FastNetMon process by applying firewall rules or network segmentation to reduce exposure to crafted packets.

Generated by OpenCVE AI on May 27, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/pavel-odintsov/fastnetmon
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48696-exabgp-sprintf-overflow

History

Wed, 27 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:pavel-odintsov:fastnetmon:::::community:::*

Wed, 27 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in FastNetMon Community Edition Exposes Remote Code Execution Risk

Wed, 27 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Title	Buffer Overflow in FastNetMon Community Edition (v1.2.9 and earlier)
Weaknesses	CWE-119

Wed, 27 May 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-676
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pavel-odintsov Pavel-odintsov fastnetmon
Vendors & Products		Pavel-odintsov Pavel-odintsov fastnetmon

Tue, 26 May 2026 20:00:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in FastNetMon Community Edition (v1.2.9 and earlier)
Weaknesses		CWE-119 CWE-120

Tue, 26 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
References		https://github.com/pavel-odintsov/fastnetmon https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48696-exabgp-sprintf-overflow

Subscriptions

Pavel-odintsov Fastnetmon

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-26T00:00:00.000Z

Updated: 2026-05-27T00:23:14.417Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48696

Vulnrichment

Updated: 2026-05-27T00:22:19.254Z

NVD

Status : Analyzed

Published: 2026-05-26T18:16:53.057

Modified: 2026-05-27T15:42:28.483

Link: CVE-2026-48696

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T04:30:16Z

Weaknesses

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-676
Use of Potentially Dangerous Function

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object