Platform
php
Component
librenms/librenms
Fixed in
26.3.0
26.3.0
CVE-2026-6204 is a Remote Code Execution (RCE) vulnerability discovered in LibreNMS, a network management system. This flaw allows authenticated administrators to execute arbitrary code on the host server by exploiting insufficient validation of binary paths for network diagnostic tools. The vulnerability impacts LibreNMS versions 26.2.0 and earlier, and a fix is available in version 26.3.0.
An attacker exploiting CVE-2026-6204 could gain complete control over the LibreNMS server. This includes the ability to install malware, steal sensitive data (network configurations, credentials stored within LibreNMS), and potentially pivot to other systems on the network. The impact is particularly severe because the vulnerability requires only administrative privileges within LibreNMS, which are often granted to trusted personnel. Successful exploitation could lead to a full system compromise and significant data breach, potentially disrupting network operations and exposing sensitive information. The ability to execute arbitrary code opens the door to various malicious activities, including data exfiltration, denial-of-service attacks, and the installation of persistent backdoors.
CVE-2026-6204 was publicly disclosed on March 26, 2026. The vulnerability's exploitation context is currently unclear, with no known active campaigns or public proof-of-concept exploits readily available. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation if exploited. It is recommended to prioritize patching to prevent potential future exploitation.
Exploit Status
EPSS
0.01% (0% percentile)
CISA SSVC
The primary mitigation for CVE-2026-6204 is to upgrade LibreNMS to version 26.3.0 or later, which contains the fix for this vulnerability. If immediate upgrading is not possible, restrict access to the /settings/external/binaries configuration page to only trusted administrators. Implement strict input validation on the binary paths, ensuring they point only to approved executables. Consider using a Web Application Firewall (WAF) to filter requests targeting this endpoint and block attempts to inject malicious code. Regularly review and audit the configuration of LibreNMS to identify and address any potential misconfigurations. After upgrading, confirm the fix by attempting to modify the binary path settings and verifying that the input validation is enforced.
Update LibreNMS to version 26.3.0 or higher to mitigate the remote code execution vulnerability. The update corrects the issue by addressing the misuse of Binary Locations configuration and the Netcommand function. Refer to the release notes for detailed upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6204 is a Remote Code Execution vulnerability in LibreNMS, allowing authenticated admins to execute arbitrary code by manipulating binary paths.
Yes, if you are running LibreNMS versions 26.2.0 or earlier, you are affected by this vulnerability.
Upgrade LibreNMS to version 26.3.0 or later to mitigate the vulnerability. Restrict access to the binary path configuration page as a temporary workaround.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and patching.
Refer to the official LibreNMS security advisory for detailed information and updates: [https://docs.librenms.org/](https://docs.librenms.org/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.