CVE•Published 2026-05-26•Modified 2026-05-27•0 articles on news•5 live references•NVD data

CVE-2026-48693Pavel-odintsov · Fastnetmon

Vulnerability data via NVD (ingested)

CVSS v3.1

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS percentile

—

Weaknesses (CWE)

CWE-59Improper Link Resolution Before File Access ('Link Following')

Description

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function (src/fastnetmon_logic.cpp line 2186) opens this path with std::ios::trunc without checking for symlinks or using O_NOFOLLOW. Additionally, the chmod() call on line 2190 always operates on cli_stats_file_path regardless of which file_path parameter was passed (a bug that applies wrong permissions), and the umask is set to 0 during daemonization (src/fastnetmon.cpp line 1821), making all created files world-writable. A local attacker can exploit this to overwrite arbitrary files as the FastNetMon process user (typically root).

Timeline

Published 2026-05-26

Modified 2026-05-27

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-48693

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Pavel-odintsov Fastnetmon"

All exposed Pavel-odintsov Fastnetmon instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Fastnetmon"

HTTP body or banner mentions "Fastnetmon" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-48693