NIXPKGS-2026-0329

GitHub issue published on 26 Feb 2026

Permalink CVE-2026-26987

updated 3 weeks, 4 days ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse accepted 3 weeks, 4 days ago
@LeSuisse published on GitHub 3 weeks, 4 days ago

LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.

References

https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr x_refsource_CONFIRM
https://github.com/librenms/librenms/pull/19038 x_refsource_MISC
https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b x_refsource_MISC
https://github.com/librenms/librenms/releases/tag/26.2.0 x_refsource_MISC

Affected products

librenms

==< 26.2.0

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 25.12.0
- nixpkgs-unstable 25.12.0
- nixos-unstable-small 25.12.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

Package maintainers

@vidister Fiona Weber <v@vidister.de>
@NetaliDev Jennifer Graul <me@netali.de>
@yuyuyureka Yureka <yuka@yuka.dev>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@johannwagner Johann Wagner <nix@wagner.digital>

Upstream advisory: https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr
Upstream patch: https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0329

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers