CVE-2026-27016
MEDIUM
GHSA-fqx6-693c-f55g
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.
Analysis
Stored cross-site scripting in LibreNMS versions 24.10.0 through 26.1.1 allows authenticated users to inject malicious scripts through the unsanitized unit parameter in Custom OID configurations, which are then executed when other users view the affected pages. An attacker with login credentials could exploit this to steal session tokens, perform actions on behalf of other administrators, or compromise the monitoring infrastructure. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today