PT-2026-43312 · Debian+2 · Fastnetmon

Published 2026-05-26 · Updated 2026-05-26 · CVE-2026-48697

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FastNetMon Community Edition versions prior to 1.2.10

Description

The software fails to verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp initializes a boost::asio::ssl::context in tls_client mode and loads CA certificates via set_default_verify_paths(), but it does not invoke set_verify_mode(boost::asio::ssl::verify_peer). Consequently, OpenSSL completes the TLS handshake without validating the server's certificate chain, enabling man-in-the-middle attacks. This issue affects telemetry reporting to the endpoint 'community-stats.fastnetmon.com', which transmits system data such as CPU model, kernel version, traffic statistics, and software configuration. An attacker could intercept, modify, or redirect this information to a malicious server.

Recommendations

Update to version 1.2.10 or later.
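Added example, not part of the advisory and not FastNetMon code: a small source audit that flags any boost::asio::ssl::context whose scope never sets verify_peer, the pattern described above. The two C++ snippets are constructed samples, and the extra hostname-check finding (host_name_verification via set_verify_callback) is an assumption that goes beyond what the advisory states.

```python
import re

# Constructed C++ samples mirroring the advisory's pattern; not FastNetMon source.
VULNERABLE = r'''
void send_stats(const std::string& host) {
    boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
    ctx.set_default_verify_paths();   // CA bundle loaded, never enforced
    // ctx.set_verify_mode(boost::asio::ssl::verify_peer);
}
'''

# Assumption: the hostname callback is added hardening, not named in the advisory.
HARDENED = r'''
void send_stats(const std::string& host) {
    boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
    ctx.set_default_verify_paths();
    ctx.set_verify_mode(boost::asio::ssl::verify_peer);
    ctx.set_verify_callback(boost::asio::ssl::host_name_verification(host));
}
'''

COMMENTS = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)
CTX_DECL = re.compile(r'\bssl::context\s+(\w+)')

def scope_after(src, start):
    """Return the text from `start` to the end of the enclosing brace block."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth < 0:
                return src[start:i]
    return src[start:]

def audit(src):
    """List (line, variable, problem) for each ssl::context that skips checks."""
    # Blank out comments (keeping newlines) so commented-out calls do not count.
    src = COMMENTS.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)
    findings = []
    for m in CTX_DECL.finditer(src):
        name, body = m.group(1), scope_after(src, m.end())
        line = src.count('\n', 0, m.start()) + 1
        modes = re.findall(r'\.\s*set_verify_mode\s*\(([^;]*)\)\s*;', body)
        if not any('verify_peer' in arg for arg in modes):
            findings.append((line, name, 'no verify_peer'))
        if not re.search(r'\.\s*set_verify_callback\s*\(', body):
            findings.append((line, name, 'no hostname check'))
    return findings
```

The check is a text heuristic: it accepts verify settings made on either the context or a stream in the same scope, and it does not follow a context passed into another function.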

Fix

Improper Certificate Validation


Weakness Enumeration

Related Identifiers

CVE-2026-48697

Affected Products

Fastnetmon