CVE-2026-2728

LibreNMS Authenticated Cross-site Scripting

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.

https://www.cve.org/CVERecord?id=CVE-2026-2728

LibreNMS < 26.3.0 Authenticated RCE & XSS

By searching for unsafe patterns and function calls, we discovered authenticated XSS and RCE vulnerabilities in LibreNMS.