{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-6204", "assignerOrgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "state": "PUBLISHED", "assignerShortName": "PRJBLK", "dateReserved": "2026-04-13T10:42:58.812Z", "datePublished": "2026-04-13T10:56:16.850Z", "dateUpdated": "2026-04-13T12:43:19.241Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "shortName": "PRJBLK", "dateUpdated": "2026-04-13T10:56:16.850Z" }, "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "affected": [ { "vendor": "librenms", "product": "librenms", "versions": [ { "status": "affected", "version": "0", "lessThan": "26.3.0", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.


" } ] } ], "references": [ { "url": "https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh", "tags": [ "vendor-advisory" ] }, { "url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc", "tags": [ "exploit" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" } } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 1.0.1" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-04-13T12:42:55.779944Z", "id": "CVE-2026-6204", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T12:43:19.241Z" } } ] } }