Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6204

created 22 hours ago

LibreNMS versions before 26.3.0 are affected by an authenticated remote …

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

References

https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh vendor-advisory
https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rc… exploit

Affected products

librenms

<26.3.0

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 26.2.0
- nixpkgs-unstable 26.2.0
- nixos-unstable-small 26.2.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

Package maintainers

@yuyuyureka Yureka <yuka@yuka.dev>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@johannwagner Johann Wagner <nix@wagner.digital>
@NetaliDev Jennifer Graul <me@netali.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers