Description
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
Published: 2026-04-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker with administrative privileges to execute arbitrary code on the LibreNMS web server by manipulating the Binary Locations configuration and leveraging the Netcommand feature. This authenticated remote code execution can compromise the underlying operating system and any services running on the host. The weakness is defined as command injection (CWE-78) and has a high severity score of 8.5, indicating broad impact if exploited.

Affected Systems

LibreNMS versions earlier than 26.3.0 are affected. The issue resides in the librenms:librenms product. Users running any pre-26.3.0 release are potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.5 reflects a significant risk, though the EPSS score is not available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but it remains a high‑severity threat. An attacker must be authenticated with administrative rights to exploit the flaw, typically by logging into the web interface. Once authenticated, the attacker can trigger Netcommand executions that follow the configured binary paths, leading to arbitrary code execution on the host.

Generated by OpenCVE AI on April 13, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreNMS to version 26.3.0 or newer.
  • If an upgrade is not immediately possible, restrict administrative access until the patch is applied.
  • Disable or restrict the Binary Locations configuration and the Netcommand feature if they are not required.

Generated by OpenCVE AI on April 13, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pr3g-phhr-h8fh LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Authenticated Remote Code Execution via Binary Locations in LibreNMS

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Librenms
Librenms librenms
Vendors & Products Librenms
Librenms librenms

Mon, 13 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Description LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Librenms Librenms
cve-icon MITRE

Status: PUBLISHED

Assigner: PRJBLK

Published:

Updated: 2026-04-13T12:43:19.241Z

Reserved: 2026-04-13T10:42:58.812Z

Link: CVE-2026-6204

cve-icon Vulnrichment

Updated: 2026-04-13T12:43:15.324Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T11:16:06.243

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-6204

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:52:29Z

Weaknesses