PT-2026-32629 · Librenms · Librenms

Ömer Baran Parlak +1 · Published 2026-04-14 · Updated 2026-04-19 · CVE-2026-30480

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LibreNMS version 22.11.0-23-gd091788f2

Description

A Local File Inclusion (LFI) issue exists in the NFSen module (nfsen.inc.php). This occurs due to improper restriction of the directory path name when processing the nfsen parameter. An authenticated remote attacker can use path traversal sequences to include arbitrary PHP files from the server filesystem, potentially leading to arbitrary code execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
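
With no fixed version listed, access logs can be reviewed for traversal sequences in the nfsen parameter. The following is an added example, not part of the original advisory or of LibreNMS; it assumes combined-format access logs with the parameter visible in the query string (POST bodies are not logged), and the request path `/PLACEHOLDER`, the addresses and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM = "nfsen"          # parameter named in the advisory
MAX_DECODE_ROUNDS = 3    # normalises nested encodings such as %252e%252e

def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value: str) -> bool:
    """True if the decoded value is absolute or contains a '..' path segment."""
    v = fully_decode(value).replace("\\", "/")   # treat backslashes as separators
    return v.startswith("/") or ".." in v.split("/")

def suspicious_lines(log_lines):
    """Return (line_number, logged_value) for each flagged nfsen value."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (documentation addresses, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2026:10:00:01 +0000] "GET /PLACEHOLDER?nfsen=channel1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Apr/2026:10:00:05 +0000] "GET /PLACEHOLDER?nfsen=..%2F..%2Fexample HTTP/1.1" 200 77',
    '192.0.2.11 - - [14/Apr/2026:10:00:09 +0000] "GET /PLACEHOLDER?tab=x&nfsen=%252e%252e%255cexample HTTP/1.1" 200 77',
    '192.0.2.12 - - [14/Apr/2026:10:00:12 +0000] "GET /PLACEHOLDER?nfsen=v1..2 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, value in suspicious_lines(SAMPLE_LOG):
        print(f"line {number}: suspicious {PARAM} value {value!r}")
```

Matching on whole `..` path segments after repeated decoding keeps values such as `v1..2` from being flagged while still catching double-encoded and backslash variants.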

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-05375
CVE-2026-30480

Affected Products

Librenms