Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/librenms/librenms@26.3.0
purl pkg:composer/librenms/librenms@26.3.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-2gun-mcx6-akcy LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server. CVE-2026-6204
GHSA-pr3g-phhr-h8fh
VCID-mb8k-971z-myd1 Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references. ## Original Description LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server. GHSA-7549-ggpq-22w8
VCID-rnnj-pm7e-w3c9 Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gm9-622f-qcg5. This link is maintained to preserve external references. ## Original Description LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page. GHSA-rp7w-624x-95qv
VCID-wjhn-5pcd-77cv LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page. CVE-2026-2728
GHSA-5gm9-622f-qcg5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-15T09:15:18.424617+00:00 GitLab Importer Fixing VCID-2gun-mcx6-akcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/librenms/librenms/GHSA-pr3g-phhr-h8fh.yml 38.6.0
2026-06-13T06:29:02.751033+00:00 GHSA Importer Fixing VCID-rnnj-pm7e-w3c9 https://github.com/advisories/GHSA-rp7w-624x-95qv 38.6.0
2026-06-13T06:29:02.729059+00:00 GHSA Importer Fixing VCID-mb8k-971z-myd1 https://github.com/advisories/GHSA-7549-ggpq-22w8 38.6.0
2026-06-13T06:28:20.320168+00:00 GHSA Importer Fixing VCID-2gun-mcx6-akcy https://github.com/advisories/GHSA-pr3g-phhr-h8fh 38.6.0
2026-06-12T22:01:54.133424+00:00 GitLab Importer Fixing VCID-mb8k-971z-myd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/librenms/librenms/GHSA-7549-ggpq-22w8.yml 38.6.0
2026-06-12T21:39:13.888215+00:00 GitLab Importer Fixing VCID-2gun-mcx6-akcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/librenms/librenms/CVE-2026-6204.yml 38.6.0
2026-06-12T07:51:14.330594+00:00 GithubOSV Importer Fixing VCID-wjhn-5pcd-77cv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-5gm9-622f-qcg5/GHSA-5gm9-622f-qcg5.json 38.6.0
2026-06-12T07:50:07.397112+00:00 GithubOSV Importer Fixing VCID-2gun-mcx6-akcy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-pr3g-phhr-h8fh/GHSA-pr3g-phhr-h8fh.json 38.6.0
2026-06-12T07:46:53.173770+00:00 GithubOSV Importer Fixing VCID-mb8k-971z-myd1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-7549-ggpq-22w8/GHSA-7549-ggpq-22w8.json 38.6.0
2026-06-12T07:45:12.388411+00:00 GithubOSV Importer Fixing VCID-rnnj-pm7e-w3c9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rp7w-624x-95qv/GHSA-rp7w-624x-95qv.json 38.6.0
2026-06-11T20:38:40.783390+00:00 GHSA Importer Fixing VCID-wjhn-5pcd-77cv https://github.com/advisories/GHSA-5gm9-622f-qcg5 38.6.0