GHSA-79Q9-WC6P-CF92 LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the alertrulelist.inc.php process. An attacker can execute arbitrary JavaScript code in...
LibreNMS has a Stored XSS in Alert Rule
Summary A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, */*; q=0.01...
GHSA-6XMX-XR9P-58P7 LibreNMS has a Stored XSS in Alert Rule
Summary A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, */*; q=0.01...
GHSA-H3RV-Q4RQ-PQCV LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
Summary SQL Injection in IPv6 Address Search functionality via address parameter. A SQL injection vulnerability exists in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...
SQL Injection
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the IPv6 address search process. An attacker can execute arbitrary SQL...
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary The unit parameter in Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...
GHSA-FQX6-693C-F55G LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary The unit parameter in Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the name parameter in the HTTP POST request to /port-groups. An attacker with admin...
LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the name parameter in the HTTP POST request to /device-groups. An attacker with admin...
LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the email field in the alerting settings page. An attacker can execute arbitrary...
LibreNMS affected by reflected xss via email field
Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input put this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...
PT-2026-20905
Name of the Vulnerable Software and Affected Versions LibreNMS versions 25.12.0 and below Description LibreNMS is a network monitoring tool. A Time-Based Blind SQL Injection exists in the address-search.inc.php file via the address parameter. Supplying a crafted subnet prefix allows manipulation ...
CVE-2026-27016
creationtimestamp | type | source
---|---|---
2026-02-17 00:36:01+00:00 | published-proof-of-concept | https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g
...
CVE-2026-26991
creationtimestamp | type | source
---|---|---
2026-02-17 00:35:27+00:00 | published-proof-of-concept | https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx
...
CVE-2026-26992
creationtimestamp | type | source
---|---|---
2026-02-17 00:35:22+00:00 | published-proof-of-concept | https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x
...
Exploit for CVE-2026-30480
CVE-2026-30480: LibreNMS Local File Inclusion LFI via Path T...