CVE-2026-6204

N/A Unknown

Published: April 13, 2026 Modified: April 13, 2026

Description

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh

Source: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc

Source: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-78

Related CVEs

CVE-2026-2728 N/A

CVE-2026-35565 N/A

CVE-2026-35337 N/A

CVE-2025-15632 3.5

CVE-2026-4810 N/A