CVE-2026-26991

Exploit

EPSS 0.01%
Veröffentlicht 20.02.2026 03:15:59
Zuletzt bearbeitet 20.02.2026 16:21:10
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librenms ≫ Librenms Version < 26.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.017

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/librenms/librenms/releases/tag/26.2.0

Product

Release Notes

https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c

Patch

https://github.com/librenms/librenms/pull/19041

Issue Tracking

https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-26991

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26991

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26991

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26991