PT-2026-20903 · Librenms · Librenms

Snow1Nd · Published 2026-02-18 · Updated 2026-02-25 · CVE-2026-26988

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
LibreNMS versions 25.12.0 and below

Description
LibreNMS is a network monitoring tool. The application does not properly sanitize user input when processing IPv6 address searches in the ajax_table.php endpoint. The address parameter is split into an address and a prefix, and the prefix is directly concatenated into an SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation.

Recommendations
Update to version 26.2.0 or later.
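
The flaw class described above, shown as an added example (not LibreNMS code and not taken from the advisory): a search term is split into address and prefix, once with the prefix concatenated into the SQL text and once with the prefix validated as an integer in 0..128 and bound as a parameter. The table `addrs`, its columns, the function names and the sample rows are assumptions constructed for this illustration, and SQLite stands in for the real database.

```python
import ipaddress
import sqlite3

def demo_db():
    # Constructed sample data; hypothetical schema, not LibreNMS's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE addrs (addr TEXT, plen INTEGER)")
    db.executemany("INSERT INTO addrs VALUES (?, ?)",
                   [("2001:db8::1", 64), ("2001:db8::2", 64), ("fd00::1", 48)])
    return db

def search_unsafe(db, term):
    # Pattern from the description: the address is bound, but the prefix
    # half of "address/prefix" is appended to the SQL string unvalidated.
    address, _, prefix = term.partition("/")
    sql = "SELECT addr FROM addrs WHERE addr = ?"
    if prefix:
        sql += " AND plen = " + prefix
    return db.execute(sql, (address,)).fetchall()

def parse_ipv6_search(term):
    # Validate both halves before anything reaches the query layer.
    address, sep, prefix = term.partition("/")
    try:
        addr = ipaddress.IPv6Address(address.strip()).compressed
    except ValueError:
        raise ValueError("not an IPv6 address") from None
    if not sep:
        return addr, None
    # Only 1-3 ASCII digits are accepted; isascii() excludes Unicode digits.
    if not (prefix.isascii() and prefix.isdigit() and len(prefix) <= 3):
        raise ValueError("prefix length must be a decimal integer")
    plen = int(prefix)
    if plen > 128:
        raise ValueError("prefix length out of range 0..128")
    return addr, plen

def search_safe(db, term):
    # Hardened form: validated values, and every value is a bound parameter.
    address, plen = parse_ipv6_search(term)
    sql = "SELECT addr FROM addrs WHERE addr = ?"
    params = [address]
    if plen is not None:
        sql += " AND plen = ?"
        params.append(plen)
    return db.execute(sql, params).fetchall()
```

Validation and parameter binding are both applied on purpose: binding alone already keeps the prefix out of the SQL text, and the range check rejects malformed searches early with a clear error.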

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-26988
GHSA-H3RV-Q4RQ-PQCV

Affected Products

Librenms