Impact
The vulnerability arises from the ajax_table.php endpoint in LibreNMS. The application splits an IPv6 address into its address and prefix parts, but concatenates the prefix directly into an SQL statement without validation or parameterization. This allows an attacker to inject arbitrary SQL commands, leading to unauthorized read or modification of database contents. Such a flaw can compromise the confidentiality and integrity of monitoring data and could facilitate further attacks against the underlying system.
Affected Systems
LibreNMS, the open‑source network monitoring tool, when running version 25.12.0 or earlier. These releases contain the vulnerable ajax_table.php implementation. The issue was addressed in release 26.2.0, which removes the unparameterized query construction. Only installations of LibreNMS older than 26.2.0 need remediation.
Risk and Exploitability
With a CVSS score of 9.3 critical, while the EPSS score of 7% indicates a current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need to craft a malicious IPv6 address string targeting the ajax_table.php endpoint; crafted prefixes could be used to inject SQL statements that the server executes. Because the flaw permits arbitrary query execution, the impact could be full database compromise if successful. The EPSS score of 7% suggests the exploit is not widely available, but the high CVSS underscores the gravity of the potential damage.
OpenCVE Enrichment
Github GHSA