CVE-2026-26990

HIGH EPSS 89.4%
Published Feb 20, 2026 · Modified Jun 17, 2026
8.8 CVSS 3.1
High

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.

CVSS Details

Base Score 8.8
Exploitability 2.8
Impact 5.9
Vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
89.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89 SQL Injection

Affected Products 1

Vendor    Product    Version  Range
librenms  librenms   *        <26.2.0

References 3

  • github.com https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1
    Patch
  • github.com https://github.com/librenms/librenms/pull/18777
    Issue Tracking
  • github.com https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1
    Patch