Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
AnalysisAI
Buffer overflow in FastNetMon Community Edition through 1.2.9 allows a local attacker with no privileges to crash the FastNetMon process, disabling DDoS detection and network monitoring capabilities. The vulnerability is specifically tied to a sprintf-based overflow in the ExaBGP integration component, as documented in the Lorikeetsecurity advisory. This is one of at least three distinct buffer overflow vulnerabilities (alongside CVE-2026-48686 and CVE-2026-48689) identified in the same product version, suggesting a broader audit surfaced a class of unsafe string-handling bugs. No public exploit identified at time of analysis, and the impact is limited to availability (denial of service) with no confidentiality or integrity exposure.
Technical ContextAI
FastNetMon is an open-source high-performance DDoS detection tool that monitors network traffic and can trigger mitigation actions via integrations including ExaBGP, a BGP route injector. The referenced blog post title ('exabgp-sprintf-overflow') identifies the vulnerable component as the ExaBGP integration layer, where a sprintf call performs unbounded string formatting into a fixed-size buffer - a textbook CWE-120 (Buffer Copy without Checking Size of Input) defect. On overflow, the write corrupts adjacent stack or heap memory, leading to a process crash. The CVSS vector AV:L/AC:L/PR:N/UI:N indicates the attack is locally triggered with no privilege requirement, consistent with an attacker who can influence ExaBGP messages or the inter-process communication channel between ExaBGP and FastNetMon on the host. The affected CPE entry is listed as 'n/a' in NVD, but the GitHub repository and version cap (through 1.2.9) are the authoritative scope indicators.
RemediationAI
No vendor-released patch version has been identified at time of analysis. The GitHub repository at https://github.com/pavel-odintsov/fastnetmon should be monitored for a patched release addressing CVE-2026-48696, CVE-2026-48686, and CVE-2026-48689 collectively. As a compensating control, restrict the ExaBGP inter-process communication channel to trusted local processes only using OS-level access controls (e.g., Unix socket permissions, SELinux/AppArmor policy), which addresses the PR:N/AV:L attack surface by limiting who can send input to the vulnerable code path. Additionally, consider running FastNetMon under a process supervisor (systemd with Restart=always) so that a crash-induced DoS results in automatic restart, reducing the window of DDoS detection blindness. Be aware that automatic restarts do not prevent repeated crash loops if an attacker has persistent local access. Detailed technical context for this CVE is available at https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48696-exabgp-sprintf-overflow.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31950
GHSA-vpc6-j22r-6mf9