Cyber Posture

CVE-2026-48697

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: affectedAppOther: not affectedOth

Published: 26 May 2026

Published
26 May 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0001 2.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-48697 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Pavel-Odintsov Fastnetmon. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-19 Component Authenticity
addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

SC-17 Public Key Infrastructure Certificates
addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

SC-45 System Time Synchronization
addresses: CWE-295

Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
attack.mitre.org →
Why these techniques?

Lack of TLS certificate verification (CWE-295) directly enables Adversary-in-the-Middle attacks on outbound HTTPS telemetry connections.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL…

more

performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-295
OWASP Top 10 Web 2025
A07:2025

Affected Products

pavel-odintsov
fastnetmon
≤ 1.2.9

EU & UK References

References