CVE-2026-48689CRITICAL 9.8EPSS p47.8%

CVE-2026-48689CVE-2026-48689

Description

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the correct 'if (offset + length > maximum_internal_storage_size)'. This allows writing exactly one byte past the end of the heap-allocated buffer. The class is used pervasively in BGP message encoding/decoding, NetFlow template processing, and Flow Spec NLRI construction. An attacker who can send network traffic (NetFlow, sFlow, IPFIX, or BGP) to a FastNetMon instance can trigger this overflow, potentially achieving arbitrary code execution by corrupting heap metadata. Notably, the append_byte() method uses the correct bounds check, confirming the inconsistency.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.69% probability of exploitation · percentile 47.8% · 2026-06-19T12:03:05Z
Published2026-05-26
Last modified2026-05-27

Underlying weaknesses· 3

CWE-787CWE-122CWE-193

References

  1. https://github.com/pavel-odintsov/fastnetmon
  2. https://github.com/pavel-odintsov/fastnetmon/blob/master/src/dynamic_binary_buffer.hpp
  3. https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48689-dynamic-buffer-off-by-one

3

TypeTargetConfidenceTier
WeaknessHeap-based Buffer Overflowcwe-1220%live
WeaknessOff-by-one Errorcwe-1930%live
WeaknessOut-of-bounds Writecwe-7870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-48686
CVE
CVE-2026-48682
CVE
CVE-2026-48692
CVE
CVE-2026-45686
CVE
CVE-2026-45681
CVE
CVE-2026-45684
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.