Description
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
Published: 2026-05-08
Score: n/a
EPSS: 60.2% High
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibreNMS versions prior to 24.10.0 are vulnerable to a classic OS command injection flaw that allows a remote attacker to execute arbitrary system commands. The vulnerability is exposed through the AboutController.php index(), SettingsController.php update(), and PollDevice.php initRrdDirectory() functions, where unvalidated input is passed directly to the operating system. Successful exploitation leads to complete compromise of the host, giving the attacker full control, including the ability to modify or exfiltrate data, install malware, or pivot to other network resources. This flaw presents an immediate risk to confidentiality, integrity, and availability for any LibreNMS instance exposed to untrusted networks or users.

Affected Systems

All installations of LibreNMS below version 24.10.0 are affected. The vulnerability is present in the code paths handled by AboutController, SettingsController, and the initRrdDirectory routine within PollDevice. Upgrading to 24.10.0 or later removes the insecure command-handling code.

Risk and Exploitability

The vulnerability is rated high severity due to its remote code execution nature and lack of authentication requirements to trigger it. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the affected code paths through standard HTTP requests to the LibreNMS web interface, which is typically exposed to network or external users. If the instance runs with elevated privileges, exploitation would result in system-wide compromise.

Generated by OpenCVE AI on May 8, 2026 at 06:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreNMS to version 24.10.0 or newer to remove the vulnerable code paths.
  • If an upgrade is not immediately possible, restrict network access to the LibreNMS web interface so that only trusted users can reach the application endpoints.
  • As a temporary code-level fix, sanitize all user-supplied input before it is passed to system commands in AboutController.php, SettingsController.php, and PollDevice.php, so that no shell metacharacters are interpreted.
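As an added illustration of that mitigation (this is example code, not LibreNMS's own code and not the actual vulnerable lines), a hypothetical PHP helper that creates a per-device RRD directory from a request-supplied device name, shown first as an unsafe shell interpolation and then hardened; the function names, the allow-list pattern and the rrdtool invocation are assumptions:

```php
<?php
// Added example, not LibreNMS code. Hypothetical helper that creates a
// per-device RRD directory; the device name comes from an HTTP request.

// UNSAFE: the value is interpolated into a shell string, so shell
// metacharacters in $deviceName (; | $() backticks) are interpreted.
function initRrdDirectoryUnsafe(string $rrdBase, string $deviceName): void
{
    shell_exec("mkdir -p $rrdBase/$deviceName");
}

// HARDENED: validate against an allow-list, then avoid the shell entirely.
function initRrdDirectorySafe(string $rrdBase, string $deviceName): string
{
    // 1. Allow-list the characters a device/host name may contain (assumed
    //    to be hostnames or IPs); anything else is rejected, not "cleaned".
    if (!preg_match('/^[A-Za-z0-9._-]{1,253}$/', $deviceName)
        || $deviceName === '.' || $deviceName === '..') {
        throw new InvalidArgumentException('invalid device name');
    }

    // 2. Build the path with the filesystem API instead of a shell command.
    $dir = rtrim($rrdBase, '/') . '/' . $deviceName;
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }

    // 3. Defence in depth: confirm the result still lives under $rrdBase.
    $real = realpath($dir);
    $base = realpath($rrdBase);
    if ($real === false || $base === false
        || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        throw new RuntimeException('path escapes RRD base directory');
    }
    return $real;
}

// If a shell command is unavoidable (e.g. invoking rrdtool), pass each
// argument through escapeshellarg() so it is treated as one literal word.
function rrdtoolCreateCommand(string $rrdFile, array $dsSpecs): string
{
    $cmd = 'rrdtool create ' . escapeshellarg($rrdFile);
    foreach ($dsSpecs as $spec) {
        $cmd .= ' ' . escapeshellarg($spec);
    }
    return $cmd;
}
```

The rejection-on-invalid approach is preferable to stripping metacharacters, since a strip-based filter is easy to get wrong and silently changes the value the rest of the application works with.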


Advisories

  Source: Github GHSA
  ID:     GHSA-x645-6pf9-xwxw
  Title:  LibreNMS has an Authenticated OS Command Injection
History

Fri, 08 May 2026 07:45:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared  -                Librenms; Librenms librenms
  Vendors & Products   -                Librenms; Librenms librenms

Fri, 08 May 2026 06:45:00 +0000

  Type                 Values Removed   Values Added
  Title                -                OS Command Injection in LibreNMS Enables Remote Code Execution Prior to 24.10.0
  Weaknesses           -                CWE-78

Fri, 08 May 2026 05:45:00 +0000

  Type                 Values Removed   Values Added
  Description          -                LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
  References           -

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T05:25:09.914Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51092

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T06:16:10.090

Modified: 2026-05-08T06:16:10.090

Link: CVE-2024-51092

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T07:30:02Z

Weaknesses