LibreNMS: SQL Injection in ajax_table.php spreads through a covert data...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.

AI Analysis

SQL Injection vulnerability in the ajax_table.php endpoint due to improper sanitization of user input

Basic Information

ID CVE-2026-26988

Source GitHub_M

Published Feb 20, 2026 at 01:17

Affected Product

Vendor librenms

Product librenms

Version < 26.2.0

Affected Versions librenms librenms < 26.2.0

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor LibreNMS

Product LibreNMS

Version 25.12.0 and below

References

{
    "lastseen": "",
    "description": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.",
    "published": "2026-02-20T01:17:15.699Z",
    "modified": "2026-02-20T01:17:15.699Z",
    "type": "cve",
    "title": "LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream",
    "source": "GitHub_M",
    "references": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv\nhttps://github.com/librenms/librenms/pull/18777\nhttps://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1",
    "id": "CVE-2026-26988",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "librenms librenms < 26.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "librenms",
    "version": "< 26.2.0",
    "vendor": "librenms",
    "ai_description": "SQL Injection vulnerability in the ajax_table.php endpoint due to improper sanitization of user input",
    "ai_severity": "Critical",
    "ai_vendor": "LibreNMS",
    "ai_product": "LibreNMS",
    "ai_version": "25.12.0 and below",
    "ai_score": 9.3
}

LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream_CVE-2026-26988