HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-48697 — FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on o...

·Source: NIST NVD

Updated:

Executive Summary

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS

Analysis

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server. CVSS Score: 7.4. Published: 2026-05-26T17:16:53.920.

Indicators of Compromise (2)

CVE (1)
CVE-2026-48697
NVDMITRE CVE
Domain (1)
community-stats.fastnetmon.com
VirusTotalURLhaus
Source Attribution

Originally published by NIST NVD on May 26, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Trump Signs Voluntary AI Cyber Review Order

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trump-signs-voluntary-ai-cyber-review-order-image_small-6-a-31833.jpg" align=right hspace=4><b>White House Cuts Proposed AI Review Period From 90 Days to 30</b><br>President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA,

Bank Info Security
MEDIUMVulnerabilityNEW

White House unveils pared-back AI executive order

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”

The Record
MEDIUMVulnerabilityNEW

EBA and NYDFS ink stablecoin MoU

The European Banking Authority (EBA) has signed a Memorandum of Understanding (MoU) with the New York State Department of Financial Services (NYDFS) under the Markets in Crypto-Assets Regulation (MiCA).

Finextra