LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php_CVE-2026-26990

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.

AI Analysis

Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter

Basic Information

ID CVE-2026-26990

Source GitHub_M

Published Feb 20, 2026 at 01:29

Affected Product

Vendor librenms

Product librenms

Version < 26.2.0

Affected Versions librenms librenms < 26.2.0

CWE Classification

CWE-89

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor LibreNMS

Product LibreNMS

Version 25.12.0 and below

References

{
    "lastseen": "",
    "description": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.",
    "published": "2026-02-20T01:29:33.838Z",
    "modified": "2026-02-20T01:29:33.838Z",
    "type": "cve",
    "title": "LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php",
    "source": "GitHub_M",
    "references": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92\nhttps://github.com/librenms/librenms/pull/18777\nhttps://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
    "id": "CVE-2026-26990",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "librenms librenms < 26.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "librenms",
    "version": "< 26.2.0",
    "vendor": "librenms",
    "ai_description": "Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter",
    "ai_severity": "High",
    "ai_vendor": "LibreNMS",
    "ai_product": "LibreNMS",
    "ai_version": "25.12.0 and below",
    "ai_score": 8.8
}