203 vulnerabilities found for LibreNMS by LibreNMS
CVE-2026-26992 (GCVE-0-2026-26992)
Vulnerability from nvd – Published: 2026-02-20 02:26 – Updated: 2026-02-20 15:53
Title
LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0.
Severity ?
5.1 (Medium) – CVSS 4.0 base score
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
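Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19042 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |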
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:52:54.647707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:53:20.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI \"/port-groups\". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T02:26:32.702Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x"
},
{
"name": "https://github.com/librenms/librenms/pull/19042",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19042"
},
{
"name": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-93fx-g747-695x",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26992",
"datePublished": "2026-02-20T02:26:32.702Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:53:20.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26991 (GCVE-0-2026-26991)
Vulnerability from nvd – Published: 2026-02-20 02:21 – Updated: 2026-02-20 16:35
Title
LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0.
Severity ?
5.1 (Medium) – CVSS 4.0 base score
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
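Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19041 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |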
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T16:32:06.171996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:35:40.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T02:21:31.889Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx"
},
{
"name": "https://github.com/librenms/librenms/pull/19041",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19041"
},
{
"name": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-5pqf-54qp-32wx",
"discovery": "UNKNOWN"
},
"title": "LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26991",
"datePublished": "2026-02-20T02:21:31.889Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T16:35:40.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27016 (GCVE-0-2026-27016)
Vulnerability from nvd – Published: 2026-02-20 01:34 – Updated: 2026-02-20 15:34
Title
LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.
Severity ?
5.4 (Medium)
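CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19040 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335 | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |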
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:26:32.832016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:34.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003e= 24.10.0, \u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:34:11.241Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g"
},
{
"name": "https://github.com/librenms/librenms/pull/19040",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19040"
},
{
"name": "https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-fqx6-693c-f55g",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27016",
"datePublished": "2026-02-20T01:34:11.241Z",
"dateReserved": "2026-02-17T03:08:23.490Z",
"dateUpdated": "2026-02-20T15:34:34.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26990 (GCVE-0-2026-26990)
Vulnerability from nvd – Published: 2026-02-20 01:29 – Updated: 2026-02-20 15:34
Title
LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
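Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92 | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/18777 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1 | x_refsource_MISC |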
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:29:14.167811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:46.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:29:33.838Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92"
},
{
"name": "https://github.com/librenms/librenms/pull/18777",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/18777"
},
{
"name": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"
}
],
"source": {
"advisory": "GHSA-79q9-wc6p-cf92",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26990",
"datePublished": "2026-02-20T01:29:33.838Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:34:46.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26989 (GCVE-0-2026-26989)
Vulnerability from nvd – Published: 2026-02-20 01:25 – Updated: 2026-02-20 15:34
Title
LibreNMS has Stored XSS in Alert Rule
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
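Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7 | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19039 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58 | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |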
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:26:36.141583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:55.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:25:31.936Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7"
},
{
"name": "https://github.com/librenms/librenms/pull/19039",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19039"
},
{
"name": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-6xmx-xr9p-58p7",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored XSS in Alert Rule"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26989",
"datePublished": "2026-02-20T01:25:31.936Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:34:55.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26988 (GCVE-0-2026-26988)
Vulnerability from nvd – Published: 2026-02-20 01:17 – Updated: 2026-02-20 15:35
Title
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.
Severity ?
9.3 (Critical) – CVSS 4.0 base score
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
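Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/18777 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1 | x_refsource_MISC |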
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:31:39.227991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:35:06.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:17:15.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv"
},
{
"name": "https://github.com/librenms/librenms/pull/18777",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/18777"
},
{
"name": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"
}
],
"source": {
"advisory": "GHSA-h3rv-q4rq-pqcv",
"discovery": "UNKNOWN"
},
"title": "LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26988",
"datePublished": "2026-02-20T01:17:15.699Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:35:06.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26987 (GCVE-0-2026-26987)
Vulnerability from nvd – Published: 2026-02-20 01:11 – Updated: 2026-02-20 15:35
Title
LibreNMS affected by reflected XSS via email field
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.
Severity ?
5.3 (Medium) – CVSS 4.0 base score
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
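Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19038 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |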
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:31:42.695704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:35:18.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:11:13.925Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr"
},
{
"name": "https://github.com/librenms/librenms/pull/19038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19038"
},
{
"name": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-gqx7-99jw-6fpr",
"discovery": "UNKNOWN"
},
"title": "LibreNMS affected by reflected XSS via email field"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26987",
"datePublished": "2026-02-20T01:11:13.925Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:35:18.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36947 (GCVE-0-2020-36947)
Vulnerability from nvd – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:36
Title
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
Summary
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
Severity ?
7.1 (High) – CVSS 4.0 and CVSS 3.1 base scores
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
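Assigner
VulnCheck
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49246 | exploit |
| https://www.librenms.org | product |
| https://github.com/librenms/librenms | product |
| https://community.librenms.org/ | product |
| https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection | third-party-advisory |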
Credits
Hodorsec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:08:15.808529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:36:40.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://community.librenms.org/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreNMS",
"vendor": "LibreNMS",
"versions": [
{
"status": "affected",
"version": "1.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hodorsec"
}
],
"datePublic": "2020-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the \u0027sort\u0027 parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:49.490Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49246",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49246"
},
{
"name": "LibreNMS Official Website",
"tags": [
"product"
],
"url": "https://www.librenms.org"
},
{
"name": "LibreNMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/librenms/librenms"
},
{
"name": "LibreNMS Community",
"tags": [
"product"
],
"url": "https://community.librenms.org/"
},
{
"name": "VulnCheck Advisory: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection"
}
],
"title": "LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36947",
"datePublished": "2026-01-27T15:23:49.490Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-01-27T21:36:40.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68614 (GCVE-0-2025-68614)
Vulnerability from nvd – Published: 2025-12-22 23:43 – Updated: 2025-12-22 23:55
VLAI?
Title
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
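| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1 | x_refsource_MISC |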
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T23:55:04.294873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T23:55:13.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T23:43:02.947Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"
},
{
"name": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"
}
],
"source": {
"advisory": "GHSA-c89f-8g7g-59wj",
"discovery": "UNKNOWN"
},
"title": "LibreNMS Alert Rule API Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68614",
"datePublished": "2025-12-22T23:43:02.947Z",
"dateReserved": "2025-12-19T14:58:47.824Z",
"dateUpdated": "2025-12-22T23:55:13.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65093 (GCVE-0-2025-65093)
Vulnerability from nvd – Published: 2025-11-18 23:02 – Updated: 2025-11-19 14:58
VLAI?
Title
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Severity ?
5.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9 | x_refsource_CONFIRM, exploit (CISA-ADP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:58:37.261599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:58:46.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:02:04.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9"
}
],
"source": {
"advisory": "GHSA-6pmj-xjxp-p8g9",
"discovery": "UNKNOWN"
},
"title": "LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65093",
"datePublished": "2025-11-18T23:02:04.572Z",
"dateReserved": "2025-11-17T20:55:34.691Z",
"dateUpdated": "2025-11-19T14:58:46.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65014 (GCVE-0-2025-65014)
Vulnerability from nvd – Published: 2025-11-18 23:01 – Updated: 2025-11-19 14:53
VLAI?
Title
LibreNMS has Weak Password Policy
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
Severity ?
3.7 (Low)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g | x_refsource_CONFIRM, exploit (CISA-ADP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65014",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:53:12.978777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:53:16.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:01:40.005Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g"
}
],
"source": {
"advisory": "GHSA-5mrf-j8v6-f45g",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Weak Password Policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65014",
"datePublished": "2025-11-18T23:01:40.005Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-19T14:53:16.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65013 (GCVE-0-2025-65013)
Vulnerability from nvd – Published: 2025-11-18 23:01 – Updated: 2025-11-19 14:46
VLAI?
Title
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x | x_refsource_CONFIRM, exploit (CISA-ADP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65013",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:46:48.291091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:46:51.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim\u2019s browser. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:01:21.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x"
}
],
"source": {
"advisory": "GHSA-j8cq-7f6p-256x",
"discovery": "UNKNOWN"
},
"title": "LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65013",
"datePublished": "2025-11-18T23:01:21.659Z",
"dateReserved": "2025-11-13T15:36:51.679Z",
"dateUpdated": "2025-11-19T14:46:51.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62412 (GCVE-0-2025-62412)
Vulnerability from nvd – Published: 2025-10-16 17:54 – Updated: 2025-10-16 19:21
VLAI?
Title
LibreNMS alert-rules Cross-Site Scripting Vulnerability
Summary
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.
Severity ?
3.8 (Low)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
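| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh | x_refsource_CONFIRM, exploit (CISA-ADP) |
| https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f | x_refsource_MISC |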
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:25:48.701440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:21:43.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:54:09.256Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
},
{
"name": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
}
],
"source": {
"advisory": "GHSA-6g2v-66ch-6xmh",
"discovery": "UNKNOWN"
},
"title": "LibreNMS alert-rules Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62412",
"datePublished": "2025-10-16T17:54:09.256Z",
"dateReserved": "2025-10-13T16:26:12.179Z",
"dateUpdated": "2025-10-16T19:21:43.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62411 (GCVE-0-2025-62411)
Vulnerability from nvd – Published: 2025-10-16 17:50 – Updated: 2025-10-16 19:22
VLAI?
Title
Stored XSS in Alert Transport name field in LibreNMS
Summary
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
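| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w | x_refsource_CONFIRM, exploit (CISA-ADP) |
| https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450 | x_refsource_MISC |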
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62411",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:27:02.453903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:22:04.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS \u003c= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin\u2019s browser. This vulnerability is fixed in 25.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:51:26.804Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w"
},
{
"name": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450"
}
],
"source": {
"advisory": "GHSA-frc6-pwgr-c28w",
"discovery": "UNKNOWN"
},
"title": "Stored XSS in Alert Transport name field in LibreNMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62411",
"datePublished": "2025-10-16T17:50:28.184Z",
"dateReserved": "2025-10-13T16:26:12.179Z",
"dateUpdated": "2025-10-16T19:22:04.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62365 (GCVE-0-2025-62365)
Vulnerability from nvd – Published: 2025-10-13 21:43 – Updated: 2025-10-14 15:16
VLAI?
Title
LibreNMS vulnerable to Reflected-XSS in `report_this` function
Summary
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (the `htmlentities` function was incorrectly used in an href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.
Severity ?
5.5 (Medium, CVSS 4.0)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
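| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008 | x_refsource_MISC |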
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62365",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T15:16:34.433697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:16:41.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function was incorrectly use in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T21:43:49.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p"
},
{
"name": "https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008"
}
],
"source": {
"advisory": "GHSA-86rg-8hc8-v82p",
"discovery": "UNKNOWN"
},
"title": "LibreNMS vulnerable to Reflected-XSS in `report_this` function"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62365",
"datePublished": "2025-10-13T21:43:49.802Z",
"dateReserved": "2025-10-10T14:22:48.203Z",
"dateUpdated": "2025-10-14T15:16:41.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-26992 (GCVE-0-2026-26992)
Vulnerability from cvelistv5 – Published: 2026-02-20 02:26 – Updated: 2026-02-20 15:53
VLAI?
Title
LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0.
Severity ?
5.1 (Medium, CVSS 4.0)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
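| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19042 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |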
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:52:54.647707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:53:20.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI \"/port-groups\". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T02:26:32.702Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x"
},
{
"name": "https://github.com/librenms/librenms/pull/19042",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19042"
},
{
"name": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-93fx-g747-695x",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26992",
"datePublished": "2026-02-20T02:26:32.702Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:53:20.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26991 (GCVE-0-2026-26991)
Vulnerability from cvelistv5 – Published: 2026-02-20 02:21 – Updated: 2026-02-20 16:35
Title
LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0.
Severity ?
5.1 (Medium, CVSS 4.0)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
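| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19041 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |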
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T16:32:06.171996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:35:40.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T02:21:31.889Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx"
},
{
"name": "https://github.com/librenms/librenms/pull/19041",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19041"
},
{
"name": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-5pqf-54qp-32wx",
"discovery": "UNKNOWN"
},
"title": "LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26991",
"datePublished": "2026-02-20T02:21:31.889Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T16:35:40.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27016 (GCVE-0-2026-27016)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:34 – Updated: 2026-02-20 15:34
Title
LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.
Severity ?
5.4 (Medium)
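CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-116 - Improper Encoding or Escaping of Output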
Assigner
References
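| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19040 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335 | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |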
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:26:32.832016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:34.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003e= 24.10.0, \u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:34:11.241Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g"
},
{
"name": "https://github.com/librenms/librenms/pull/19040",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19040"
},
{
"name": "https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-fqx6-693c-f55g",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27016",
"datePublished": "2026-02-20T01:34:11.241Z",
"dateReserved": "2026-02-17T03:08:23.490Z",
"dateUpdated": "2026-02-20T15:34:34.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26990 (GCVE-0-2026-26990)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:29 – Updated: 2026-02-20 15:34
Title
LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
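| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92 | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/18777 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1 | x_refsource_MISC |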
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:29:14.167811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:46.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:29:33.838Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92"
},
{
"name": "https://github.com/librenms/librenms/pull/18777",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/18777"
},
{
"name": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"
}
],
"source": {
"advisory": "GHSA-79q9-wc6p-cf92",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26990",
"datePublished": "2026-02-20T01:29:33.838Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:34:46.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26989 (GCVE-0-2026-26989)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:25 – Updated: 2026-02-20 15:34
Title
LibreNMS has Stored XSS in Alert Rule
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
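| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7 | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19039 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58 | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |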
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:26:36.141583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:55.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:25:31.936Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7"
},
{
"name": "https://github.com/librenms/librenms/pull/19039",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19039"
},
{
"name": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-6xmx-xr9p-58p7",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Stored XSS in Alert Rule"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26989",
"datePublished": "2026-02-20T01:25:31.936Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:34:55.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26988 (GCVE-0-2026-26988)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:17 – Updated: 2026-02-20 15:35
Title
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
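| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/18777 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1 | x_refsource_MISC |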
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:31:39.227991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:35:06.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:17:15.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv"
},
{
"name": "https://github.com/librenms/librenms/pull/18777",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/18777"
},
{
"name": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"
}
],
"source": {
"advisory": "GHSA-h3rv-q4rq-pqcv",
"discovery": "UNKNOWN"
},
"title": "LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26988",
"datePublished": "2026-02-20T01:17:15.699Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:35:06.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26987 (GCVE-0-2026-26987)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:11 – Updated: 2026-02-20 15:35
Title
LibreNMS affected by reflected XSS via email field
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via the email field. This issue has been fixed in version 26.2.0.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
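| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/pull/19038 | x_refsource_MISC |
| https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b | x_refsource_MISC |
| https://github.com/librenms/librenms/releases/tag/26.2.0 | x_refsource_MISC |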
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:31:42.695704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:35:18.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:11:13.925Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr"
},
{
"name": "https://github.com/librenms/librenms/pull/19038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/pull/19038"
},
{
"name": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b"
},
{
"name": "https://github.com/librenms/librenms/releases/tag/26.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/releases/tag/26.2.0"
}
],
"source": {
"advisory": "GHSA-gqx7-99jw-6fpr",
"discovery": "UNKNOWN"
},
"title": "LibreNMS affected by reflected XSS via email field"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26987",
"datePublished": "2026-02-20T01:11:13.925Z",
"dateReserved": "2026-02-17T01:41:24.606Z",
"dateUpdated": "2026-02-20T15:35:18.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36947 (GCVE-0-2020-36947)
Vulnerability from cvelistv5 – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:36
Title
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
Summary
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
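| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49246 | exploit |
| https://www.librenms.org | product |
| https://github.com/librenms/librenms | product |
| https://community.librenms.org/ | product |
| https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection | third-party-advisory |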
Credits
Hodorsec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:08:15.808529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:36:40.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://community.librenms.org/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreNMS",
"vendor": "LibreNMS",
"versions": [
{
"status": "affected",
"version": "1.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hodorsec"
}
],
"datePublic": "2020-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the \u0027sort\u0027 parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:49.490Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49246",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49246"
},
{
"name": "LibreNMS Official Website",
"tags": [
"product"
],
"url": "https://www.librenms.org"
},
{
"name": "LibreNMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/librenms/librenms"
},
{
"name": "LibreNMS Community",
"tags": [
"product"
],
"url": "https://community.librenms.org/"
},
{
"name": "VulnCheck Advisory: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection"
}
],
"title": "LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36947",
"datePublished": "2026-01-27T15:23:49.490Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-01-27T21:36:40.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68614 (GCVE-0-2025-68614)
Vulnerability from cvelistv5 – Published: 2025-12-22 23:43 – Updated: 2025-12-22 23:55
Title
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
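| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj | x_refsource_CONFIRM |
| https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1 | x_refsource_MISC |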
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T23:55:04.294873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T23:55:13.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T23:43:02.947Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"
},
{
"name": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"
}
],
"source": {
"advisory": "GHSA-c89f-8g7g-59wj",
"discovery": "UNKNOWN"
},
"title": "LibreNMS Alert Rule API Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68614",
"datePublished": "2025-12-22T23:43:02.947Z",
"dateReserved": "2025-12-19T14:58:47.824Z",
"dateUpdated": "2025-12-22T23:55:13.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65093 (GCVE-0-2025-65093)
Vulnerability from cvelistv5 – Published: 2025-11-18 23:02 – Updated: 2025-11-19 14:58
Title
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Severity ?
5.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9 | x_refsource_CONFIRM, exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:58:37.261599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:58:46.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:02:04.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9"
}
],
"source": {
"advisory": "GHSA-6pmj-xjxp-p8g9",
"discovery": "UNKNOWN"
},
"title": "LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65093",
"datePublished": "2025-11-18T23:02:04.572Z",
"dateReserved": "2025-11-17T20:55:34.691Z",
"dateUpdated": "2025-11-19T14:58:46.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65014 (GCVE-0-2025-65014)
Vulnerability from cvelistv5 – Published: 2025-11-18 23:01 – Updated: 2025-11-19 14:53
Title
LibreNMS has Weak Password Policy
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
Severity ?
3.7 (Low)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g | x_refsource_CONFIRM, exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65014",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:53:12.978777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:53:16.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:01:40.005Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g"
}
],
"source": {
"advisory": "GHSA-5mrf-j8v6-f45g",
"discovery": "UNKNOWN"
},
"title": "LibreNMS has Weak Password Policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65014",
"datePublished": "2025-11-18T23:01:40.005Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-19T14:53:16.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65013 (GCVE-0-2025-65013)
Vulnerability from cvelistv5 – Published: 2025-11-18 23:01 – Updated: 2025-11-19 14:46
Title
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Summary
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x | x_refsource_CONFIRM, exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65013",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:46:48.291091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:46:51.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim\u2019s browser. This issue has been patched in version 25.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T23:01:21.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x"
}
],
"source": {
"advisory": "GHSA-j8cq-7f6p-256x",
"discovery": "UNKNOWN"
},
"title": "LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65013",
"datePublished": "2025-11-18T23:01:21.659Z",
"dateReserved": "2025-11-13T15:36:51.679Z",
"dateUpdated": "2025-11-19T14:46:51.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62412 (GCVE-0-2025-62412)
Vulnerability from cvelistv5 – Published: 2025-10-16 17:54 – Updated: 2025-10-16 19:21
Title
LibreNMS alert-rules Cross-Site Scripting Vulnerability
Summary
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.
Severity ?
3.8 (Low)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
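| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh | x_refsource_CONFIRM, exploit |
| https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f | x_refsource_MISC |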
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:25:48.701440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:21:43.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:54:09.256Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
},
{
"name": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
}
],
"source": {
"advisory": "GHSA-6g2v-66ch-6xmh",
"discovery": "UNKNOWN"
},
"title": "LibreNMS alert-rules Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62412",
"datePublished": "2025-10-16T17:54:09.256Z",
"dateReserved": "2025-10-13T16:26:12.179Z",
"dateUpdated": "2025-10-16T19:21:43.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62411 (GCVE-0-2025-62411)
Vulnerability from cvelistv5 – Published: 2025-10-16 17:50 – Updated: 2025-10-16 19:22
Title
Stored XSS in Alert Transport name field in LibreNMS
Summary
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
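| URL | Tags |
|---|---|
| https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w | x_refsource_CONFIRM, exploit |
| https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450 | x_refsource_MISC |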
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62411",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:27:02.453903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:22:04.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"status": "affected",
"version": "\u003c 25.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS \u003c= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin\u2019s browser. This vulnerability is fixed in 25.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:51:26.804Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w"
},
{
"name": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450"
}
],
"source": {
"advisory": "GHSA-frc6-pwgr-c28w",
"discovery": "UNKNOWN"
},
"title": "Stored XSS in Alert Transport name field in LibreNMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62411",
"datePublished": "2025-10-16T17:50:28.184Z",
"dateReserved": "2025-10-13T16:26:12.179Z",
"dateUpdated": "2025-10-16T19:22:04.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0174
Vulnerability from certfr_avis - Published: 2026-02-17 - Updated: 2026-02-17
De multiples vulnérabilités ont été découvertes dans LibreNMS. Elles permettent à un attaquant de provoquer une injection SQL (SQLi) et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "LibreNMS versions ant\u00e9rieures \u00e0 26.2.0",
"product": {
"name": "LibreNMS",
"vendor": {
"name": "LibreNMS",
"scada": false
}
}
},
{
"description": "LibreNMS versions post\u00e9rieures \u00e0 24.10.0 et ant\u00e9rieures \u00e0 26.2.0 pour composer",
"product": {
"name": "LibreNMS",
"vendor": {
"name": "LibreNMS",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26988"
},
{
"name": "CVE-2026-26990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26990"
},
{
"name": "CVE-2026-26989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26989"
},
{
"name": "CVE-2026-26987",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26987"
}
],
"initial_release_date": "2026-02-17T00:00:00",
"last_revision_date": "2026-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0174",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans LibreNMS. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi) et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans LibreNMS",
"vendor_advisories": [
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-79q9-wc6p-cf92",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-fqx6-693c-f55g",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-h3rv-q4rq-pqcv",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-93fx-g747-695x",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-5pqf-54qp-32wx",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-6xmx-xr9p-58p7",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 LibreNMS GHSA-gqx7-99jw-6fpr",
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr"
}
]
}