Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.
References (4)
Vendor Advisory x_refsource_confirm
https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7
Issue Tracking x_refsource_misc
https://github.com/librenms/librenms/pull/19039
Patch x_refsource_misc
https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58
Release Notes x_refsource_misc
https://github.com/librenms/librenms/releases/tag/26.2.0
Scores
CVSS v3
4.3
EPSS
0.0000
EPSS Percentile
0.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
librenms/librenms
< 26.2.0
librenms/librenms
0 - 26.2.0 (Packagist)
Published
Feb 20, 2026
Tracked Since
Feb 20, 2026