NIXPKGS-2026-1093

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-6204

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse accepted 2 months, 1 week ago
@LeSuisse published on GitHub 2 months, 1 week ago

LibreNMS versions before 26.3.0 are affected by an authenticated remote …

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

References

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh vendor-advisory
https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rc… exploit

Affected products

librenms

<26.3.0

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 26.2.0
- nixpkgs-unstable 26.2.0
- nixos-unstable-small 26.2.0

Package maintainers

@johannwagner Johann Wagner <nix@wagner.digital>
@NetaliDev Jennifer Graul <me@netali.de>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1093

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers