CVE-2026-6204

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

CWE	CWE-78
Vendor	librenms
Product	librenms
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for librenms librenms

Be the first to know when new unknown vulnerabilities affecting librenms librenms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

librenms / librenms

0 < 26.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh projectblack.io: https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc