PT-2026-32331 · Librenms · Librenms

Yurinek0 · Published 2026-03-26 · Updated 2026-04-13 · CVE-2026-6204

CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 26.3.0
Description: An authenticated administrator can execute arbitrary code on the LibreNMS host by combining the Binary Locations settings with the Netcommand feature. Administrative users can set absolute paths for the network diagnostic tools at the '/settings/external/binaries' endpoint, and the application does not sufficiently validate that these paths stay restricted to safe executables. The configured binaries are invoked through the 'GET /ajax/netcmd' endpoint. An input filter limits the target argument to a valid IP address or hostname, but the filter can be bypassed; an attacker can therefore download and execute a malicious payload, potentially compromising the underlying web server completely. Because the attack requires administrator privileges (PR:H in the vector), the issue is an escalation from LibreNMS administrator to code execution on the host, not an unauthenticated entry point.
Recommendations: Update to version 26.3.0 or later. As a temporary workaround, restrict which accounts can reach the '/settings/external/binaries' configuration (it is only reachable with the administrator role, so keep that role to as few accounts as possible) and review the configured binary paths for entries that point outside the expected diagnostic tool binaries.

Exploit

Fix

RCE

OS Command Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-6204
GHSA-7549-GGPQ-22W8
GHSA-PR3G-PHHR-H8FH

Affected Products

Librenms