Nixpkgs security tracker

Untriaged

Permalink CVE-2026-26987

created 1 month, 3 weeks ago

LibreNMS affected by reflected XSS via email field

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.

References

https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr x_refsource_CONFIRM
https://github.com/librenms/librenms/pull/19038 x_refsource_MISC
https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b x_refsource_MISC
https://github.com/librenms/librenms/releases/tag/26.2.0 x_refsource_MISC

Affected products

librenms

==< 26.2.0

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 25.12.0
- nixpkgs-unstable 25.12.0
- nixos-unstable-small 25.12.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

Package maintainers

@vidister Fiona Weber <v@vidister.de>
@NetaliDev Jennifer Graul <me@netali.de>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@yuyuyureka Yureka <yuka@yuka.dev>
@johannwagner Johann Wagner <nix@wagner.digital>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers