System	Score	Found at
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2026-2728
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-5gm9-622f-qcg5
cvssv3.1	3.5	https://github.com/librenms/librenms
generic_textual	LOW	https://github.com/librenms/librenms
cvssv3.1	3.5	https://github.com/librenms/librenms/releases/tag/26.3.0
generic_textual	LOW	https://github.com/librenms/librenms/releases/tag/26.3.0
cvssv3.1	3.5	https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5
cvssv3.1_qr	LOW	https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5
generic_textual	LOW	https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5
cvssv4	4.6	https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630
ssvc	Track	https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-2728
		https://github.com/librenms/librenms/releases/tag/26.3.0
GHSA-5gm9-622f-qcg5		https://github.com/advisories/GHSA-5gm9-622f-qcg5
GHSA-5gm9-622f-qcg5		https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5
#xss-on-showconfig-page-2630		https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/librenms/librenms

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/librenms/librenms/releases/tag/26.3.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

---

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T12:58:56Z/ Found at https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630

---

Percentile	0.00141
EPSS Score	4e-05
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:53:50.804689+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/2xxx/CVE-2026-2728.json	38.6.0