Description
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
Published: 2026-04-13
Score: 8.5 High
EPSS: 7.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibreNMS releases before 26.3.0 let an authenticated administrator point a Binary Locations setting at an executable of their choosing and then use the Netcommand feature to make the server run it, which amounts to arbitrary OS command execution (classified as CWE-78). The command runs in the context of the LibreNMS web application process, so a successful attack compromises the web server and, depending on how the host is hardened, the underlying operating system. The administrative-privilege requirement narrows the attacker set to admin accounts, including stolen or otherwise compromised ones, but any such account can achieve remote code execution.

Affected Systems

Affected deployments are those running LibreNMS releases earlier than 26.3.0 (CPE cpe:2.3:a:librenms:librenms:*). No other vendor or product is listed as affected; software that bundles the LibreNMS code base would inherit the flaw.

Risk and Exploitability

The CVSS v4.0 score of 8.5 (v3.1: 7.2) signals a high-severity vulnerability, and the EPSS score of 7.5% indicates a non-negligible likelihood of exploitation attempts. The flaw is not currently tracked in the CISA KEV catalog, although the SSVC record on this page marks Exploitation as "poc" and Automatable as "no". Exploitation requires an authenticated session with administrative rights: the attacker logs into the web console, modifies a Binary Locations setting to reference an executable under their control, and then triggers Netcommand so the server runs that executable. From there the attacker holds the privileges of the web application process on the host.

Generated by OpenCVE AI on June 18, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround is recorded in this field. The description, however, scopes the flaw to versions before 26.3.0, so 26.3.0 is the first release not affected (see the recommended actions below).

OpenCVE Recommended Actions

  • Upgrade to LibreNMS 26.3.0 or later, the first release the description places outside the affected range.
  • Restrict administrative access to trusted personnel, enforce role-based access control and strong authentication for admin accounts, and disable the Netcommand feature if your version allows it and it is not required.
  • Until the upgrade is applied, audit the Binary Locations settings: every value should be an absolute path to the expected tool in a system directory. A path under the web root, /tmp or any user-writable directory, or a value containing shell metacharacters, is an indicator of compromise and warrants checking who changed the setting and when.
  • Apply network segmentation to isolate LibreNMS servers from critical infrastructure so that, even if code execution occurs, lateral movement is limited.

Generated by OpenCVE AI on June 18, 2026 at 13:21 UTC.
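The exploitation path above (set a Binary Locations value, then trigger Netcommand) means the configured binary paths are the thing to audit on an unpatched host. The Python below is an added example written for this page, not code from LibreNMS or OpenCVE. The config key names and the expected directories are assumptions to be checked against your own installation's settings page; the sample values are constructed. On a real system the values come from the LibreNMS config table or, on versions that provide the CLI, from `lnms config:get <key>`.

```python
import posixpath

# Config keys LibreNMS exposes under Global Settings -> External -> Binary Locations.
# Assumed list for this example; compare it against your own settings page.
BINARY_LOCATION_KEYS = (
    "fping", "snmpwalk", "snmpget", "snmpbulkwalk", "rrdtool",
    "ping", "traceroute", "mtr", "nmap", "whois",
)

# Directories where a packaged network tool is expected to live (assumption; adjust per distro).
EXPECTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin")

# Characters that would let a value be interpreted by a shell instead of used as a plain path.
SHELL_META_CHARS = set(";&|`$<>(){}\\'\"\r\n")


def check_binary_location(value, expected_dirs=EXPECTED_DIRS):
    """Return None if value looks like a legitimate binary path, otherwise a reason string.

    Checks run in order of severity: shell metacharacters, embedded whitespace
    (arguments), relative paths, and finally the directory after normalisation,
    so "/usr/bin/../../tmp/x" is judged as /tmp/x rather than as something under /usr/bin.
    """
    if not isinstance(value, str) or value.strip() == "":
        return "empty"
    if any(ch in SHELL_META_CHARS for ch in value):
        return "shell_metacharacters"
    if any(ch.isspace() for ch in value):
        return "contains_whitespace"
    if not value.startswith("/"):
        return "not_absolute"
    normalized = posixpath.normpath(value)
    if posixpath.dirname(normalized) not in expected_dirs:
        return "outside_expected_dirs"
    return None


def audit_binary_locations(config, keys=BINARY_LOCATION_KEYS, expected_dirs=EXPECTED_DIRS):
    """Return {key: (value, reason)} for every configured binary that fails a check."""
    findings = {}
    for key in keys:
        if key not in config:
            continue
        reason = check_binary_location(config[key], expected_dirs)
        if reason is not None:
            findings[key] = (config[key], reason)
    return findings


# Constructed sample resembling values read back from the config store.
SAMPLE_CONFIG = {
    "ping": "/usr/bin/ping",                 # fine
    "fping": "/usr/bin/fping",               # fine
    "traceroute": "/var/www/html/.cache/tr", # binary dropped under the web root
    "whois": "/usr/bin/whois;id",            # shell metacharacter appended
    "mtr": "../../../tmp/mtr",               # relative path
    "nmap": "/usr/bin/../../tmp/nmap",       # traversal that resolves to /tmp/nmap
    "rrdtool": "/usr/bin/rrdtool --daemon",  # carries an argument; review manually
}

if __name__ == "__main__":
    for key, (value, reason) in audit_binary_locations(SAMPLE_CONFIG).items():
        print(f"{key}: {value!r} -> {reason}")
```

A finding is a reason to compare the value against a known-good baseline and to establish who changed it and when, not proof of compromise by itself. The whitespace rule in particular flags any value that deliberately carries an option, so tune it to your configuration before relying on the output.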


Advisories

Source: GitHub GHSA
ID: GHSA-pr3g-phhr-h8fh
Title: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
History

Thu, 18 Jun 2026 16:45:00 +0000
  Title: Authenticated Remote Code Execution via Binary Locations and Netcommand in LibreNMS

Wed, 17 Jun 2026 11:30:00 +0000
  Title: Authenticated Remote Code Execution via Binary Locations and Netcommand in LibreNMS

Tue, 16 Jun 2026 16:00:00 +0000
  Title: Authenticated Remote Code Execution via Binary Locations in LibreNMS

Wed, 22 Apr 2026 20:00:00 +0000
  CPEs: cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
  Metrics (cvssV3_1): score 7.2, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Mon, 13 Apr 2026 14:30:00 +0000
  Title: Authenticated Remote Code Execution via Binary Locations in LibreNMS

Mon, 13 Apr 2026 13:15:00 +0000
  Metrics (ssvc, version 2.0.3): Automatable: no; Exploitation: poc; Technical Impact: total

Mon, 13 Apr 2026 13:00:00 +0000
  First Time appeared: Librenms (vendor), Librenms librenms (product)
  Vendors & Products: Librenms (vendor), Librenms librenms (product)

Mon, 13 Apr 2026 11:15:00 +0000
  Description: LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
  Weaknesses: CWE-78
  References: (no values shown)
  Metrics (cvssV4_0): score 8.5, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

MITRE

Status: PUBLISHED

Assigner: PRJBLK

Published:

Updated: 2026-04-13T12:43:19.241Z

Reserved: 2026-04-13T10:42:58.812Z

Link: CVE-2026-6204

Vulnrichment

Updated: 2026-04-13T12:43:15.324Z

NVD

Status : Analyzed

Published: 2026-04-13T11:16:06.243

Modified: 2026-06-17T11:00:29.080

Link: CVE-2026-6204

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T13:30:05Z

Weaknesses
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')