CVE-2026-48696

Vulnerability

A stack buffer overflow vulnerability exists in FastNetMon Community Edition through version 1.2.9. The function exabgp_prefix_ban_manage() in src/actions/exabgp_action.cpp uses sprintf() to format an ExaBGP command into a fixed 256-byte stack buffer. The format string includes three variable-length parameters: prefix, next-hop, and community list. While prefix and next-hop are bounded, the community list read from the configuration file fastnetmon.conf has no length validation. An attacker who can modify this configuration can cause the community list to exceed the remaining buffer space, leading to a stack buffer overflow [1].

Exploitation

Exploitation requires the ability to modify the exabgp_community value in fastnetmon.conf. This is a local attack vector, as the configuration file is typically editable by the system administrator or an attacker with sufficient privileges. By setting a long community list (e.g., 30+ communities), the attacker triggers an overflow of approximately 74 bytes for 30 communities, or up to 200 bytes for 40 communities, which is sufficient to overwrite the saved return address on x86_64 [1].

Impact

Successful exploitation allows an attacker to overwrite the stack return address, leading to arbitrary code execution with the privileges of the FastNetMon daemon. This can result in full compromise of the affected system, including potential data exfiltration, denial of service, or further lateral movement [1].

Mitigation

As of the publication date (May 26, 2026), no patched version has been released by FastNetMon LTD. Users are advised to restrict access to the fastnetmon.conf configuration file to trusted administrators only, and to monitor for updates from the vendor. The affected code path is only reachable if ExaBGP integration is enabled. Disabling ExaBGP actions may mitigate the risk until a fix is available [1].