CVE-2026-26988
published 2026-02-20


Priority: P267, critical, 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 7.44% (93.7th percentile)

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.

Affected

2 ranges

Vendor    Product   Version range    Fixed in
librenms  librenms  < 26.2.0         26.2.0
librenms  librenms  >= 0 < 26.2.0    26.2.0

Detection & IOCs (extracted from sources)

  • Monitor HTTP requests to the ajax_table.php endpoint for SQL injection patterns in the 'address' parameter, particularly in the prefix portion (after the '/' separator) of IPv6 address inputs
  • Flag requests to ajax_table.php where the IPv6 prefix field contains SQL metacharacters or injection payloads (e.g., quotes, comment sequences, UNION/SELECT keywords)
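
One way to implement both checks above, as an added example that is not code from LibreNMS or from this page. Instead of matching SQL keywords it uses an allowlist: the part after the '/' must be a decimal prefix length from 0 to 128, which also catches the quote, comment and UNION/SELECT cases. The record layout, the function names and the sample requests are assumptions; the `address` values are assumed to be already URL-decoded by whatever captured them (WAF, reverse proxy, application log).

```python
import re

# An IPv6 prefix length is a decimal integer 0..128. ASCII digits only,
# so Unicode digit look-alikes do not pass.
_PREFIX_RE = re.compile(r"[0-9]{1,3}")
ENDPOINT = "ajax_table.php"


def prefix_is_valid(address_param: str) -> bool:
    """True when the value has no prefix part, or a numeric one in 0..128."""
    _address, sep, prefix = address_param.partition("/")
    if not sep:
        return True  # no '/' separator, so there is no prefix portion
    return bool(_PREFIX_RE.fullmatch(prefix)) and int(prefix) <= 128


def flag_requests(records):
    """Return (src, address) for endpoint requests with a non-numeric prefix.

    `records` is an iterable of dicts with 'src', 'path' and 'address' keys
    (hypothetical layout; adapt to your own log schema).
    """
    flagged = []
    for rec in records:
        if not rec["path"].endswith(ENDPOINT):
            continue
        if not prefix_is_valid(rec.get("address", "")):
            flagged.append((rec["src"], rec["address"]))
    return flagged


# Constructed sample data, not real traffic.
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "path": "/ajax_table.php", "address": "2001:db8::1/64"},
    {"src": "192.0.2.10", "path": "/ajax_table.php", "address": "2001:db8::"},
    {"src": "198.51.100.7", "path": "/ajax_table.php",
     "address": "2001:db8::1/64' OR '1'='1"},
    {"src": "198.51.100.7", "path": "/ajax_table.php",
     "address": "2001:db8::1/64 UNION SELECT 1 -- "},
    {"src": "203.0.113.5", "path": "/ajax_table.php", "address": "2001:db8::1/129"},
    {"src": "203.0.113.5", "path": "/other.php", "address": "x/y"},
]

if __name__ == "__main__":
    for src, value in flag_requests(SAMPLE_REQUESTS):
        print(f"suspicious prefix from {src}: {value!r}")
```

A prefix with trailing whitespace or a second '/' is flagged as well, which is intentional for a detection rule on this parameter.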

CVSS provenance

nvd  v3.1  9.1  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd  v4.0  9.3  CRITICAL  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X