CVE-2026-6204

Vulnerability Description

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

Vulnerability Details

Published Date

April 13, 2026

Last Modified

April 13, 2026

CWE ID

CWE-78

Source

NVD

External References

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh
https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc

CVE-2026-6204

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment