CVE-2026-26987
LibreNMS affected by reflected XSS via email field
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.
| CWE | CWE-79 |
| Vendor | librenms |
| Product | librenms |
| Published | Feb 20, 2026 |
| Last Updated | Feb 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for librenms librenms
Be the first to know when new unknown vulnerabilities affecting librenms librenms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
librenms / librenms
< 26.2.0
References
github.com: https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr github.com: https://github.com/librenms/librenms/pull/19038 github.com: https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b github.com: https://github.com/librenms/librenms/releases/tag/26.2.0