LibreNMS has Stored XSS in Custom OID

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.

Basic Information

ID CVE-2026-27016

Source GitHub_M

Published Feb 20, 2026 at 01:34

Affected Product

Vendor librenms

Product librenms

Version >= 24.10.0, < 26.2.0

Affected Versions librenms librenms >= 24.10.0, < 26.2.0

CWE Classification

CWE-79 CWE-116

References

{
    "lastseen": "",
    "description": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.",
    "published": "2026-02-20T01:34:11.241Z",
    "modified": "2026-02-20T01:34:11.241Z",
    "type": "cve",
    "title": "LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()",
    "source": "GitHub_M",
    "references": "https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g\nhttps://github.com/librenms/librenms/pull/19040\nhttps://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335\nhttps://github.com/librenms/librenms/releases/tag/26.2.0",
    "id": "CVE-2026-27016",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-116"
    ],
    "cvelist": null,
    "sourceData": "librenms librenms >= 24.10.0, < 26.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "librenms",
    "version": ">= 24.10.0, < 26.2.0",
    "vendor": "librenms",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LibreNMS has Stored XSS in Custom OID – unit parameter missing strip_tags()_CVE-2026-27016