CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...

PT-2026-20793

Name of the Vulnerable Software and Affected Versions LibreNMS versions 24.10.0 through 26.1.1 Description LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, has an issue where the unit parameter in the Custom OID functionality is not properly sanitized. Specifically, it...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unit parameter in print-customoid.php. PoC Pass in a unit parameter value, when...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...