PT-2026-32330 · Librenms · Librenms
Prjblk
·
Published
2026-04-13
·
Updated
2026-05-18
·
CVE-2026-2728
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
LibreNMS versions prior to 26.3.0
Description
An authenticated Cross-site Scripting issue exists on the 'showconfig' page. An attacker with administrative privileges can execute scripts that target other users who access the same page.
Recommendations
Update to version 26.3.0 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Librenms