CVE-2026-2728

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.

CWE	CWE-79
Vendor	librenms
Product	librenms
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for librenms librenms

Be the first to know when new unknown vulnerabilities affecting librenms librenms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

librenms / librenms

0 < 26.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

projectblack.io: https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630