CVE-2026-26989

Name of the Vulnerable Software and Affected Versions LibreNMS versions 25.12.0 and below

Description LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a Stored Cross-Site Scripting (XSS) issue in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This allows for the execution of arbitrary code within a user's browser session.

Recommendations Update to version 26.2.0 or later.