CVE-2026-6204

CVSS 8.5 HIGHEPSS 7.5%CWE-78

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Produtos afetados

librenms · librenms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc