CVE-2026-48693: n/a
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function (src/fastnetmon_logic.cpp line 2186) opens this path with std::ios::trunc without checking for symlinks or using O_NOFOLLOW. Additionally, the chmod() call on line 2190 always operates on cli_stats_file_path regardless of which file_path parameter was passed (a bug that applies wrong permissions), and the umask is set to 0 during daemonization (src/fastnetmon.cpp line 1821), making all created files world-writable. A local attacker can exploit this to overwrite arbitrary files as the FastNetMon process user (typically root).
AI Analysis
Technical Summary
FastNetMon Community Edition versions through 1.2.9 are vulnerable to a local symlink attack because the statistics file path defaults to a predictable location in /tmp ('/tmp/fastnetmon.dat'). The function print_screen_contents_into_file() truncates and writes to this file without checking for symbolic links or using safe file open flags like O_NOFOLLOW. Additionally, a bug causes chmod() to apply permissions incorrectly, and the daemon sets umask to 0, making created files world-writable. These factors combined allow a local attacker to exploit the vulnerability to overwrite arbitrary files as the FastNetMon process user, which is typically root.
Potential Impact
A local attacker can leverage this vulnerability to overwrite arbitrary files on the system with the privileges of the FastNetMon process user, typically root. This can lead to privilege escalation or system compromise depending on which files are overwritten. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local access to the system and consider monitoring or restricting the /tmp directory usage by FastNetMon. Avoid running FastNetMon with root privileges if possible. No official fix or temporary workaround has been provided in the available data.
CVE-2026-48693: n/a
Description
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function (src/fastnetmon_logic.cpp line 2186) opens this path with std::ios::trunc without checking for symlinks or using O_NOFOLLOW. Additionally, the chmod() call on line 2190 always operates on cli_stats_file_path regardless of which file_path parameter was passed (a bug that applies wrong permissions), and the umask is set to 0 during daemonization (src/fastnetmon.cpp line 1821), making all created files world-writable. A local attacker can exploit this to overwrite arbitrary files as the FastNetMon process user (typically root).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FastNetMon Community Edition versions through 1.2.9 are vulnerable to a local symlink attack because the statistics file path defaults to a predictable location in /tmp ('/tmp/fastnetmon.dat'). The function print_screen_contents_into_file() truncates and writes to this file without checking for symbolic links or using safe file open flags like O_NOFOLLOW. Additionally, a bug causes chmod() to apply permissions incorrectly, and the daemon sets umask to 0, making created files world-writable. These factors combined allow a local attacker to exploit the vulnerability to overwrite arbitrary files as the FastNetMon process user, which is typically root.
Potential Impact
A local attacker can leverage this vulnerability to overwrite arbitrary files on the system with the privileges of the FastNetMon process user, typically root. This can lead to privilege escalation or system compromise depending on which files are overwritten. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local access to the system and consider monitoring or restricting the /tmp directory usage by FastNetMon. Avoid running FastNetMon with root privileges if possible. No official fix or temporary workaround has been provided in the available data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-05-22T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a15d231891d628fdc604cce
Added to database: 5/26/2026, 5:02:41 PM
Last enriched: 5/26/2026, 5:19:37 PM
Last updated: 5/26/2026, 11:08:23 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.