Vulnerabilities

CVE-2026-48697

High
CWE-295 — Weakness Type
Published: May 26, 2026  ·  Modified: Jun 2, 2026  ·  Source: NVD
CVSS v3
7.4
📄 Description (English)

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server.
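A source-audit check for the pattern described above, as an added example that is not FastNetMon's code or part of the NVD record: it flags any function that declares a boost::asio::ssl::context but never calls set_verify_mode() with verify_peer on it. The embedded C++ input is constructed, the function name execute_web_request_verified is hypothetical, and the brace matching is a heuristic that ignores braces inside strings and comments.

```python
import re

# Constructed C++ input: the first function follows the advisory's description
# (CA paths loaded, verify mode never set); the second is a hypothetical fixed form.
SAMPLE = '''
bool execute_web_request_secure(std::string address) {
    boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
    ctx.set_default_verify_paths();
    return true;
}

bool execute_web_request_verified(std::string address) {
    boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
    ctx.set_default_verify_paths();
    ctx.set_verify_mode(boost::asio::ssl::verify_peer);
    return true;
}
'''

CTX_DECL = re.compile(r"ssl::context\s+(\w+)\s*[({]")           # "ssl::context ctx("
FUNC_NAME = re.compile(r"(\w+)\s*\([^()]*\)\s*(?:const\s*)?$")  # name before "(...) {"

def top_level_blocks(src):
    """Yield (header, body) for each top-level {...} block (naive brace matching)."""
    depth, start, prev_end, header = 0, 0, 0, ""
    for i, ch in enumerate(src):
        if ch == "{":
            if depth == 0:
                header, start = src[prev_end:i], i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, src[start:i + 1]
                prev_end = i + 1

def unverified_contexts(src):
    """Return (function, variable) pairs whose ssl::context never enables verify_peer."""
    findings = []
    for header, body in top_level_blocks(src):
        m = FUNC_NAME.search(header.rstrip())
        name = m.group(1) if m else "<unknown>"
        for var in CTX_DECL.findall(body):
            calls = re.findall(rf"\b{re.escape(var)}\s*\.\s*set_verify_mode\s*\(([^)]*)\)", body)
            if not any("verify_peer" in args for args in calls):
                findings.append((name, var))
    return findings

if __name__ == "__main__":
    for func, var in unverified_contexts(SAMPLE):
        print(f"{func}: ssl::context '{var}' never calls set_verify_mode(verify_peer)")
```

In Boost.Asio, verify_peer validates the certificate chain only; matching the certificate to the expected host name additionally needs a verify callback such as boost::asio::ssl::host_name_verification, which this check does not look for.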

🤖 AI Executive Summary

FastNetMon Community Edition fails to verify TLS certificates on outbound HTTPS connections, allowing man-in-the-middle attacks on telemetry data transmission. The vulnerability affects versions through 1.2.9 and exposes sensitive system information including CPU model, kernel version, and traffic statistics.

📄 Description (translated from Arabic)

FastNetMon Community Edition fails to verify TLS certificates on outbound HTTPS connections, allowing man-in-the-middle attacks. The vulnerability affects versions through 1.2.9 and exposes sensitive system information including CPU model, kernel version, and traffic statistics. Attackers can intercept and modify telemetry data or redirect it to a malicious server.

🤖 Executive Summary (AI)

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections, enabling man-in-the-middle attacks. Telemetry data containing system information, CPU model, kernel version, and traffic statistics can be intercepted and modified by attackers.

🤖 AI Intelligence Analysis Analyzed: May 31, 2026 00:17
🇸🇦 Saudi Arabia Impact Assessment
Saudi Relevance: high
🏢 Affected Saudi Sectors
telecom energy government banking
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.0 / 10.0
🔧 Remediation Steps (English)
Upgrade FastNetMon Community Edition to version 1.3.0 or later. Add a call to set_verify_mode(boost::asio::ssl::verify_peer) in the execute_web_request_secure() function. Alternatively, if an upgrade is not immediately possible, disable telemetry reporting and use network segmentation to restrict outbound HTTPS connections to trusted endpoints only.
🔧 Remediation Steps (translated from Arabic)
Upgrade FastNetMon Community Edition to version 1.3.0 or later. Add a call to set_verify_mode(boost::asio::ssl::verify_peer) in the execute_web_request_secure() function. Alternatively, if an upgrade is not immediately possible, disable telemetry reporting and use network segmentation to restrict outbound HTTPS connections to trusted endpoints only.
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1.1 5.2.2
🔵 SAMA CSF
ID.SC-4 PR.DS-2
🟡 ISO 27001:2022
A.10.1.1 A.14.2.1
📦 Affected Products / CPE 1 entries
pavel-odintsov:fastnetmon
📊 CVSS Score
7.4 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: N (Network)
Attack Complexity: H (High)
Privileges Required: N (None)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: N (None)
📋 Quick Facts
Severity High
CVSS Score 7.4
CWE CWE-295
EPSS 0.01%
Exploit No
Patch ✗ No
Published 2026-05-26
Source Feed nvd
🇸🇦 Saudi Risk Score
7.0 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-295