CVE-2026-6204_CVE-2026-6204

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

AI Analysis

Authenticated remote code execution vulnerability in LibreNMS

Basic Information

ID CVE-2026-6204

Source PRJBLK

Published Apr 13, 2026 at 10:56

Affected Product

Vendor librenms

Product librenms

Affected Versions librenms librenms 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor LibreNMS

Product LibreNMS

Version < 26.3.0

References

{
    "lastseen": "",
    "description": "LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.",
    "published": "2026-04-13T10:56:16.850Z",
    "modified": "2026-04-13T10:56:16.850Z",
    "type": "cve",
    "title": "CVE-2026-6204",
    "source": "PRJBLK",
    "references": "https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh\nhttps://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc",
    "id": "CVE-2026-6204",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "librenms librenms 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "librenms",
    "version": "0",
    "vendor": "librenms",
    "ai_description": "Authenticated remote code execution vulnerability in LibreNMS",
    "ai_severity": "High",
    "ai_vendor": "LibreNMS",
    "ai_product": "LibreNMS",
    "ai_version": "< 26.3.0",
    "ai_score": 8.5
}