CVE-2026-48694
CVE-2026-48694 is a high-severity vulnerability in Pavel-odintsov Fastnetmon with a CVSS 3.x base score of 8.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-77.
Key facts
- Severity: High (CVSS 3.x base score 8.1)
- EPSS exploit prediction: 0% (14th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-31948
- Weakness: CWE-77
- Affected product: Pavel-odintsov Fastnetmon
- Published:
- Last modified:
Description
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
Frequently asked questions
- What is CVE-2026-48694?
- FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
- How severe is CVE-2026-48694?
- CVE-2026-48694 has a CVSS 3.x base score of 8.1, rated high severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability none.
- Is CVE-2026-48694 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (14th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-48694?
- CVE-2026-48694 affects Pavel-odintsov Fastnetmon. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-48694?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-48694 have an EU (EUVD) identifier?
- Yes. CVE-2026-48694 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-31948.
- When was CVE-2026-48694 published?
- CVE-2026-48694 was published on 2026-05-26 and last updated on 2026-06-17.
References
- https://github.com/pavel-odintsov/fastnetmon
- https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48694-juniper-netconf-injection
Affected products (1)
- cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*
More vulnerabilities in Pavel-odintsov Fastnetmon
- CVE-2026-48689 — Critical (CVSS 9.8): FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the…
- CVE-2026-48691 — Critical (CVSS 9.8): FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In…
- CVE-2026-48687 — Critical (CVSS 9.8): FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router…
- CVE-2026-48686 — Critical (CVSS 9.8): FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer…
- CVE-2026-48695 — High (CVSS 8.1): FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router…
- CVE-2026-48692 — High (CVSS 8.1): FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism.…
All CVEs affecting Pavel-odintsov Fastnetmon →
Other CWE-77 (Command Injection) vulnerabilities
- CVE-2026-23652 — Critical (CVSS 10.0): Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an…
- CVE-2025-59818 — Critical (CVSS 10.0): This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file…
- CVE-2025-64093 — Critical (CVSS 10.0): Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the…
- CVE-2025-64090 — Critical (CVSS 10.0): This vulnerability allows authenticated attackers to execute commands via the hostname of the device.
- CVE-2025-61492 — Critical (CVSS 10.0): A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to…
- CVE-2025-10035 — Critical (CVSS 10.0): A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged…