CVE-2026-48695
Published 2026-05-26
Priority: P3 · 57 · high · CVSS 3.1 base score 8.1
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.07% (60.6th percentile)
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg().
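The two fixes named in the description, as an added example (not FastNetMon's code or its patch): one logger that appends with file_put_contents() and one that keeps exec() but quotes every variable part with escapeshellarg(). The function names, the log path and the sample message are constructed for illustration.

```php
<?php
// Added example, not FastNetMon's code. $FILE_LOG_TMP is the name used on the
// page; its value here is a constructed placeholder.
$FILE_LOG_TMP = sys_get_temp_dir() . '/fastnetmon_mikrotik_example.log';

// Hypothetical helper: build one log line. Control characters (newlines
// included) become spaces so a message cannot forge extra log entries.
function format_line(string $msg): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', ' ', $msg);
    // Prefix copied as quoted in the advisory text.
    return date('D M j H:i:s T Y') . ' - {FASTNETMON] - ' . $clean;
}

// Option 1 (preferred): no shell at all; PHP appends to the file itself.
function log_without_shell(string $msg, string $file): bool
{
    $line = format_line($msg) . "\n";
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Option 2: keep exec(), but pass every variable part through escapeshellarg()
// so the shell sees each one as a single quoted word.
function log_with_escapeshellarg(string $msg, string $file): bool
{
    $cmd = "printf '%s\\n' " . escapeshellarg(format_line($msg))
         . ' >> ' . escapeshellarg($file);
    exec($cmd, $output, $status);
    return $status === 0;
}

// Constructed input: shell metacharacters that must end up as literal text.
$msg = '192.0.2.10 incoming "udp" $(echo X) `echo Y`; echo Z';

@unlink($FILE_LOG_TMP);
log_without_shell($msg, $FILE_LOG_TMP);
log_with_escapeshellarg($msg, $FILE_LOG_TMP);

$lines = file($FILE_LOG_TMP, FILE_IGNORE_NEW_LINES);
foreach ($lines as $line) {
    // Each call must yield exactly one line that ends with the raw message.
    $ok = substr($line, -strlen($msg)) === $msg;
    echo ($ok ? 'literal: ' : 'ALTERED: ') . $line . "\n";
}
echo count($lines) === 2 ? "2 lines written\n" : "unexpected line count\n";
```

Option 1 removes the shell from the logging path entirely; Option 2 relies on POSIX single-quote rules, and escapeshellarg() quotes differently on Windows.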
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pavel-odintsov | fastnetmon | <= 1.2.9 | — |
GHSA
GHSA-vh5g-h8jm-q2cw: FastNetMon Community Edition through 1
ghsa_unreviewed·2026-05-26
CVE-2026-48695 [HIGH] CWE-78 GHSA-vh5g-h8jm-q2cw: FastNetMon Community Edition through 1
VulDB
FastNetMon Community Edition up to 1.2.9 Command-Line Argument fastnetmon_mikrotik.php _log msg os command injection
vuldb·2026-05-26·CVSS 8.1
A vulnerability has been found in FastNetMon Community Edition up to 1.2.9 and classified as critical. This vulnerability affects the function _log of the file src/mikrotik_plugin/fastnetmon_mikrotik.php of the component Command-Line Argument Handler. The manipulation of the argument msg leads to os command injection.
This vulnerability is listed as CVE-2026-48695. The attack must be carried out from within the local network. There is no available exploit.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48695 fastnetmon: OS command injection vulnerability in the MikroTik router integration plugin [fedora-all]
bugzilla·2026-05-28·CVSS 8.1
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48695 fastnetmon: OS command injection vulnerability in the MikroTik router integration plugin [epel-all]
bugzilla·2026-05-28·CVSS 8.1
Bugzilla
CVE-2026-48695 fastnetmon: OS command injection vulnerability in the MikroTik router integration plugin
bugzilla·2026-05-26·CVSS 8.1
Published: 2026-05-26