CVE-2026-48694 · HIGH 8.1 · EPSS p14.0%

Description

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
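One way to close the injection described above, as an added example that is not FastNetMon's code or the project's fix: validate argv[1] as a strict IPv4 literal before it reaches any set-configuration string. The function names `validated_ipv4` and `blackhole_commands` are hypothetical, the sample inputs are constructed, and the command strings are copied from the description.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return the argument unchanged if it is a plain
// dotted-quad IPv4 literal, otherwise throw.
function validated_ipv4(string $raw): string
{
    // \A and \z anchor to the absolute start and end of the string.
    // A trailing "$" would still match before a final newline, which is
    // exactly the character the injection depends on.
    if (preg_match('/\A\d{1,3}(?:\.\d{1,3}){3}\z/', $raw) !== 1) {
        throw new InvalidArgumentException('argument is not a dotted-quad IPv4 literal');
    }
    // Range-check each octet with PHP's own validator.
    if (filter_var($raw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('octet out of range');
    }
    return $raw;
}

// Build the two commands quoted in the description from a validated value only.
function blackhole_commands(string $rawIp): array
{
    $ip = validated_ipv4($rawIp);
    return [
        'ban'   => "set routing-options static route {$ip} community 65535:666 discard",
        'unban' => "delete routing-options static route {$ip}/32",
    ];
}

// Constructed sample inputs: one clean address and three that must be refused.
$samples = [
    "192.0.2.10",
    "192.0.2.10\n",
    "192.0.2.10\nset PLACEHOLDER-INJECTED-STATEMENT",
    "192.0.2.999",
];

foreach ($samples as $sample) {
    try {
        $cmds = blackhole_commands($sample);
        echo 'accepted ', json_encode($sample), ' -> ', $cmds['ban'], PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // Log the rejected value in escaped form so the newline is visible.
        echo 'rejected ', json_encode($sample), ': ', $e->getMessage(), PHP_EOL;
    }
}
```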

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.23% probability of exploitation · percentile 14.0% · 2026-06-18T12:00:27Z
Published: 2026-05-26
Last modified: 2026-05-26

Underlying weaknesses · 1

CWE-78

References

  1. https://github.com/pavel-odintsov/fastnetmon
  2. https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48694-juniper-netconf-injection

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2026-48695
  - CVE: CVE-2026-48692
  - CVE: CVE-2026-48686
  - CVE: CVE-2026-48682
  - CVE: CVE-2026-48689
  - CVE: Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.