CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.1%

CVSS Severity

References

https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2728

Products

Pricing

Contact Us