CVE-2026-48693
Possible ATT&CK Techniques 1AI
T1552 · Unsecured CredentialsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48693
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function (src/fastnetmon_logic.cpp line 2186) opens this path with std::ios::trunc without checking for symlinks or using O_NOFOLLOW. Additionally, the chmod() call on line 2190 always operates on cli_stats_file_path regardless of which file_path parameter was passed (a bug that applies wrong permissions), and the umask is set to 0 during daemonization (src/fastnetmon.cpp line 1821), making all created files world-writable. A local attacker can exploit this to overwrite arbitrary files as the FastNetMon process user (typically root).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
FastNetMon 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FastNetMon是Pavel Odintsov个人开发者的一个基于多个数据包捕获引擎构建的高性能 DDoS 检测器/传感器。 FastNetMon Community Edition 1.2.9及之前版本存在安全漏洞,该漏洞源于使用可预测文件路径且未检查符号链接,可能导致本地符号链接攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2026-48693
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48693
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-48693 (1)
Other References for CVE-2026-48693 (1)
Same Patch Batch · n/a · 2026-05-26 · 31 CVEs total
| CVE-2026-9496 | 7.5 HIGH | pacote 安全漏洞 |
| CVE-2026-9580 | 7.3 HIGH | JeecgBoot selectDepart LoginController.selectDepart access control |
| CVE-2026-9495 | 7.3 HIGH | @koa/router 安全漏洞 |
| CVE-2026-9581 | 6.3 MEDIUM | JeecgBoot add access control |
| CVE-2026-9579 | 6.3 MEDIUM | JeecgBoot SysUser userEdit user.getUsername access control |
| CVE-2026-9541 | 5.3 MEDIUM | Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow |
| CVE-2026-9568 | 5.0 MEDIUM | ThingsBoard YAML provision getGatewayDockerComposeFile code injection |
| CVE-2026-9604 | 4.3 MEDIUM | JeecgBoot AiragModelController access control |
| CVE-2026-9572 | 3.3 LOW | GPAC MP4Box media.c Media_GetSample memory leak |
| CVE-2026-9567 | 3.3 LOW | GPAC MP4Box isom_intern.c MergeFragment null pointer dereference |
| CVE-2025-68709 | SailingLab AppLock 安全漏洞 | |
| CVE-2025-68711 | AppLockZ - TrustedApp App Lock and Fingerprint Lock 安全漏洞 | |
| CVE-2025-68708 | SailingLab AppLock 安全漏洞 | |
| CVE-2026-36239 | PbootCMS 安全漏洞 | |
| CVE-2025-68710 | Easyelife App Lock 安全漏洞 | |
| CVE-2026-48685 | FastNetMon 安全漏洞 | |
| CVE-2026-48689 | FastNetMon 缓冲区错误漏洞 | |
| CVE-2026-48694 | FastNetMon 安全漏洞 | |
| CVE-2026-48695 | FastNetMon 安全漏洞 | |
| CVE-2026-48696 | FastNetMon 安全漏洞 |
Showing top 20 of 31 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
V. Comments for CVE-2026-48693
No comments yet