CVE-2026-30480

MEDIUM

LibreNMS 22.11.0-23-gd091788f2 - LFI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-30480. PoCs published by parlakbarann.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-30480, a Local File Inclusion (LFI) vulnerability in LibreNMS's NFSen module. It includes root cause analysis, proof-of-concept steps, screenshots, and remediation recommendations.

Description

A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter.

Exploits (1)

nomisec WRITEUP

by parlakbarann · poc

https://github.com/parlakbarann/CVE-2026-30480

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-30480, a Local File Inclusion (LFI) vulnerability in LibreNMS's NFSen module. It includes root cause analysis, proof-of-concept steps, screenshots, and remediation recommendations.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: LibreNMS (versions with NFSen module, tested on 22.11.0-23-gd091788f2)

Auth required

Prerequisites: Authenticated LibreNMS user · Access to a device with Netflow/NFSen tab

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 03, 2026 Full analysis →

References (1)

Core 1

Core References

https://github.com/parlakbarann/CVE-2026-30480

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0027

EPSS Percentile 17.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-98

Status published

Published Apr 14, 2026

Tracked Since Apr 14, 2026