CVE-2026-48692
published 2026-05-26CVE-2026-48692: FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with…
PriorityP352high8.1CVSS 3.1
AVAACLPRNUINSUCHIHAN
EPSS
0.23%
14.1th percentile
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the given address without any authentication mechanism.' None of the RPC methods in src/api.cpp (ExecuteBan, ExecuteUnBan, GetBanlist, GetTotalTrafficCounters, etc.) perform any credential verification. The ExecuteBan and ExecuteUnBan methods trigger security-critical actions: BGP route announcements that can blackhole network traffic, and execution of external notification scripts via popen(). An attacker with local network access can ban arbitrary IP addresses (causing denial of service to legitimate traffic), unban active attacks (disabling DDoS mitigation), and trigger script execution. There is also no role-based access control separating read-only monitoring from destructive administrative operations.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pavel-odintsov | fastnetmon | <= 1.2.9 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [fedora-all]
bugzilla·2026-05-28·CVSS 8.1
CVE-2026-48692 [HIGH] CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [fedora-all]
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [epel-all]
bugzilla·2026-05-28·CVSS 8.1
CVE-2026-48692 [HIGH] CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [epel-all]
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API
bugzilla·2026-05-26·CVSS 8.1
CVE-2026-48692 [HIGH] CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API
CVE-2026-48692 fastnetmon: FastNetMon Community Edition: Denial of Service and arbitrary script execution via unauthenticated gRPC API
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the given address without any authentication mechanism.' None of the RPC methods in src/api.cpp (ExecuteBan, ExecuteUnBan, GetBanlist, GetTotalTrafficCounters, etc.) perform any credential verification. The ExecuteBan and ExecuteUnBan methods trigger security-critical actions: BGP route announcements that can blackhole network traffic, and execution of external notification scripts via po
2026-05-26
Published