ByteOS Network

NVD Vulnerability Details :

CVE-2026-27016

Awaiting Analysis

Source-security-advisories@github.com

Published At-20 Feb, 2026 | 02:16

Updated At-20 Feb, 2026 | 13:49

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping. This issue is fixed in version 26.2.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com
CWE-116	Primary	security-advisories@github.com

CWE ID: CWE-79

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-116

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/librenms/librenms/commit/3bea263e02441690c01dea7fa3fe6ffec94af335	security-advisories@github.com	N/A
https://github.com/librenms/librenms/pull/19040	security-advisories@github.com	N/A
https://github.com/librenms/librenms/releases/tag/26.2.0	security-advisories@github.com	N/A
https://github.com/librenms/librenms/security/advisories/GHSA-fqx6-693c-f55g	security-advisories@github.com	N/A