HIGHCVE-2026-6204Published 2026-04-13Modified 2026-04-13CNA PRJBLK

CVE-2026-6204: LibreNMS versions before 26

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: 26.3.0
Affected Products: 1

Fix available

26.3.0

Affected packages

librenms / librenms
< 26.3.0 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

github.com
projectblack.io

Metrics

Fix available