CVE-2026-26990
HIGH
GHSA-79q9-wc6p-cf92
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.
Analysis
SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database information through time-based blind SQL injection in the address-search function. An attacker with valid credentials can manipulate the subnet prefix parameter to bypass query logic and infer data through conditional timing responses. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all LibreNMS deployments and document versions in use; assess internet exposure of affected instances. Within 7 days: Apply available vendor patch to all LibreNMS installations or implement WAF rules blocking malicious address parameter patterns; validate patches in test environment first. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today