CVE-2026-27016

MEDIUM

LibreNMS 24.10.0-26.1.1 - Stored XSS

Title source: llm

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.

References (4)

[Vendor Advisory] https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g

[Issue Tracking] https://github.com/librenms/librenms/pull/19040

[Patch] https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335

View Patch ZIP pw:eip

[Release Notes] https://github.com/librenms/librenms/releases/tag/26.2.0

Scores

CVSS v3 5.4

EPSS 0.0000

EPSS Percentile 0.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-116

Status published

Products (2)

librenms/librenms 24.10.0 - 26.2.0Packagist

librenms/librenms 24.10.0 - 26.2.0

Published Feb 20, 2026

Tracked Since Feb 20, 2026