CVE•Published 2026-05-26•Modified 2026-05-27•1 article on news•5 live references•NVD data

CVE-2026-48691Pavel-odintsov · Fastnetmon

Vulnerability data via NVD (ingested)

CVSS v3.1

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS percentile

—

Weaknesses (CWE)

CWE-190Integer Overflow or Wraparound CWE-122Heap-based Buffer Overflow

Description

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores it in a uint8_t field (line 600-605). Since uint8_t can only hold values 0-255, an AS_PATH containing more than 63 ASNs (2 + 64*4 = 258 > 255) causes silent truncation. The truncated length is used for buffer sizing, while the actual data written is the full untruncated amount, resulting in a heap buffer overflow. Similarly, the path_segment_length field at line 621 is also uint8_t, truncating with more than 255 ASNs.

Timeline

Published 2026-05-26

Modified 2026-05-27

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-48691

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Pavel-odintsov Fastnetmon"

All exposed Pavel-odintsov Fastnetmon instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Fastnetmon"

HTTP body or banner mentions "Fastnetmon" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-48691