CVE-2026-6204
LibreNMS Authenticated Remote Code Execution
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
https://www.cve.org/CVERecord?id=CVE-2026-6204
LibreNMS < 26.3.0 Authenticated RCE & XSS
By searching for unsafe patterns and function calls, we discovered authenticated XSS and RCE vulnerabilities in LibreNMS.
Sayuri Nekomiya