Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
AnalysisAI
Remote code execution in LibreNMS network monitoring platform (versions prior to 26.3.0) allows authenticated administrators to execute arbitrary commands on the underlying web server by manipulating Binary Locations configuration settings combined with the Netcommand feature. This authenticated attack requires administrative privileges but has publicly available exploit code, enabling straightforward weaponization. CVSS 8.5 severity reflects high confidentiality and integrity impact with network-based attack vector and low complexity.
Technical ContextAI
LibreNMS is an open-source network monitoring and management system built on PHP. This vulnerability exploits CWE-78 (OS Command Injection) through two interconnected features: Binary Locations configuration (which defines paths to system executables) and Netcommand (which executes network diagnostic commands). The attack chain involves an authenticated administrator manipulating the Binary Locations configuration to point to attacker-controlled executables or inject malicious parameters, then triggering execution through the Netcommand feature. The CPE identifier cpe:2.3:a:librenms:librenms confirms the affected product is the LibreNMS application itself across all pre-26.3.0 versions. The CVSS 4.0 vector shows network accessibility (AV:N), low attack complexity (AC:L), no attack prerequisites (AT:N), and high privilege requirements (PR:H), indicating the attacker must already possess administrative credentials. The vulnerability represents a classic example of insufficient input validation and sanitization in configuration interfaces that interact with system command execution.
RemediationAI
Upgrade to LibreNMS version 26.3.0 or later, which contains patches addressing the Binary Locations and Netcommand command injection vulnerability. The fix can be obtained through standard LibreNMS update procedures including Git pull for source installations or container image updates for Docker deployments. Detailed remediation guidance is available in the GitHub Security Advisory at https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh. As an interim workaround if immediate patching is not feasible, restrict administrative access to LibreNMS to only essential personnel, implement IP allowlisting for admin interface access, enable multi-factor authentication for administrative accounts, and monitor audit logs for unexpected changes to Binary Locations configuration or unusual Netcommand execution patterns. Review and rotate administrative credentials if unauthorized access is suspected. Given the availability of public exploit code, prioritize patching over temporary workarounds.
An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 7.2), this vulnerability is remotely exploit
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Rate
An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp
SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.
An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.1), this vulnerability is remotely exp
SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database informatio
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated high severity (CVSS 8.8), this vulnera
An issue was discovered in LibreNMS before 1.65.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,
An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 8.8), this vulnerability is remotely exploit
An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable,
An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 8.1), this vulnerability is remotely exploit
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21908
GHSA-pr3g-phhr-h8fh