← back
CVE-2026-6204

CVE-2026-6204

CVSS 8.5 HIGHEPSS 7.5%CWE-78
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
librenms · librenms
public PoCs found1
cve_referenceprojectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-pocunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fhhttps://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc