CVE-2026-6204

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 13, 2026

Vendor unknown

Description

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

References

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh
https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc