CVE Alert

CVE-2026-27016

MEDIUM 5.4

LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()

CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 0th

LibreNMS is an auto-discovering PHP/MySQL/SNMP-based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality does not apply strip_tags() sanitization to the unit field, while the other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.

CWE: CWE-79, CWE-116
Vendor: librenms
Product: librenms
Published: Feb 20, 2026
Last Updated: Feb 20, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Affected Versions

librenms / librenms
>= 24.10.0, < 26.2.0

References

https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g
https://github.com/librenms/librenms/pull/19040
https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335
https://github.com/librenms/librenms/releases/tag/26.2.0