CVE-2026-26988

Critical CVSS: 9.3

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.

Vendor

Librenms

Product

Librenms

CWE

CWE-89

Yayın Tarihi

2026-02-20 02:16:54

Güncelleme

2026-02-20 16:31:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Librenms CRITICAL Librenms 2026

Referanslar

https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1 https://github.com/librenms/librenms/pull/18777 https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv

Benzer Kayıtlar

Medium

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port gro…

Medium

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device g…

Medium

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulner…

Medium

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable…

Medium

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by…

High

CVE-2026-26990

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Bas…