NIXPKGS-2026-0329

GitHub issue published 4 months ago

Permalink CVE-2026-26987

updated 4 months ago by @LeSuisse Activity log

Created suggestion 4 months ago
@LeSuisse accepted 4 months ago
@LeSuisse published on GitHub 4 months ago

LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.

References

https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr x_refsource_CONFIRM
https://github.com/librenms/librenms/pull/19038 x_refsource_MISC
https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b x_refsource_MISC
https://github.com/librenms/librenms/releases/tag/26.2.0 x_refsource_MISC

Affected products

librenms

==< 26.2.0

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 25.12.0
- nixpkgs-unstable 25.12.0
- nixos-unstable-small 25.12.0

Package maintainers

@NetaliDev Jennifer Graul <me@netali.de>
@johannwagner Johann Wagner <nix@wagner.digital>

Upstream advisory: https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr
Upstream patch: https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0329

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers