Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-26990— LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php

CVSS 8.8 · High EPSS 0.00% · P0
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-26990

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
LibreNMS SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 25.12.0及之前版本存在SQL注入漏洞,该漏洞源于address-search.inc.php中address参数处理不当,可能导致基于时间的盲SQL注入攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
librenmslibrenms < 26.2.0 -

II. Public POCs for CVE-2026-26990

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-26990

登录查看更多情报信息。

Same Patch Batch · librenms · 2026-02-20 · 7 CVEs total

CVE-2026-270165.4 MEDIUMLibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
CVE-2026-269894.3 MEDIUMLibreNMS has Stored XSS in Alert Rule
CVE-2026-26992LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
CVE-2026-26991LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
CVE-2026-26988LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream
CVE-2026-26987LibreNMS affected by reflected XSS via email field

IV. Related Vulnerabilities

Same product: librenms
Same vendor: librenms
Same weakness: CWE-89

V. Comments for CVE-2026-26990

No comments yet

Leave a comment