CVE-2026-48694
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48694
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2026-48694
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48694
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-48694 (1)
Other References for CVE-2026-48694 (1)
Same Patch Batch · n/a · 2026-05-26 · 31 CVEs total
| CVE-2026-9496 | 7.5 HIGH | pacote 11.2.7 DoS漏洞 |
| CVE-2026-9580 | 7.3 HIGH | JeecgBoot selectDepart LoginController.selectDepart access control |
| CVE-2026-9495 | 7.3 HIGH | @koa/router 14.0.0-15.0.0 访问控制绕过 |
| CVE-2026-9581 | 6.3 MEDIUM | JeecgBoot add access control |
| CVE-2026-9579 | 6.3 MEDIUM | JeecgBoot SysUser userEdit user.getUsername access control |
| CVE-2026-9541 | 5.3 MEDIUM | Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow |
| CVE-2026-9568 | 5.0 MEDIUM | ThingsBoard YAML provision getGatewayDockerComposeFile code injection |
| CVE-2026-9604 | 4.3 MEDIUM | JeecgBoot AiragModelController access control |
| CVE-2026-9567 | 3.3 LOW | GPAC MP4Box isom_intern.c MergeFragment null pointer dereference |
| CVE-2026-9572 | 3.3 LOW | GPAC MP4Box media.c Media_GetSample memory leak |
| CVE-2025-68711 | AppLockZ 4.2.11 绕过PIN锁致信息泄露 | |
| CVE-2025-68708 | SailingLab AppLock 4.3.8应用绕过漏洞 | |
| CVE-2026-36239 | PbootCMS v3.2.11 站点配置代码注入漏洞 | |
| CVE-2025-68710 | Easyelife App lock 1.9.2 覆盖绕过导致信息泄露 | |
| CVE-2025-68709 | Android AppLock 4.3.8 远程代码执行漏洞 | |
| CVE-2026-48689 | FastNetMon <1.2.9 堆溢出漏洞 | |
| CVE-2026-48695 | FastNetMon ≤1.2.9 MikroTik插件命令注入漏洞 | |
| CVE-2026-48696 | FastNetMon 1.2.9及之前版本存在缓冲区溢出漏洞 | |
| CVE-2026-48697 | FastNetMon <1.2.9 TLS证书验证缺失漏洞 | |
| CVE-2026-48690 | FastNetMon整数溢出致堆损坏 |
Showing top 20 of 31 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-9604
JeecgBoot AiragModelController access control - CVE-2026-9581
JeecgBoot add access control - CVE-2026-9580
JeecgBoot selectDepart LoginController.selectDepart access c - CVE-2026-9579
JeecgBoot SysUser userEdit user.getUsername access control - CVE-2026-9572
GPAC MP4Box media.c Media_GetSample memory leak
V. Comments for CVE-2026-48694
No comments yet