{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-48695", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-26T17:25:16.371Z", "dateReserved": "2026-05-22T00:00:00.000Z", "datePublished": "2026-05-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-26T17:25:16.371Z"}, "descriptions": [{"lang": "en", "value": "FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec(\"echo `date` \\\"- {FASTNETMON] - \" . $msg . \" \\\" >> \" . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg()."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/pavel-odintsov/fastnetmon"}, {"url": "https://github.com/pavel-odintsov/fastnetmon/blob/master/src/mikrotik_plugin/fastnetmon_mikrotik.php"}, {"url": "https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48695-mikrotik-cmd-injection"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec(\"echo `date` \\\"- {FASTNETMON] - \" . $msg . \" \\\" >> \" . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg()."}], "id": "CVE-2026-48695", "lastModified": "2026-05-26T19:29:02.327", "metrics": {}, "published": "2026-05-26T18:16:52.950", "references": [{"source": "cve@mitre.org", "url": "https://github.com/pavel-odintsov/fastnetmon"}, {"source": "cve@mitre.org", "url": "https://github.com/pavel-odintsov/fastnetmon/blob/master/src/mikrotik_plugin/fastnetmon_mikrotik.php"}, {"source": "cve@mitre.org", "url": "https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48695-mikrotik-cmd-injection"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{}