DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-26988: Critical SQL Injection in LibreNMS ajax_table.php Endpoint

Vulnerability ID: CVE-2026-26988
CVSS Score: 9.1
Published: 2026-02-20

LibreNMS versions up to 25.12.0 are vulnerable to an unauthenticated SQL injection in the address search functionality. The flaw allows remote attackers to execute arbitrary database queries via the ajax_table.php endpoint.

TL;DR

Unauthenticated SQL injection in LibreNMS IPv6 search allows arbitrary database compromise. Fixed in version 26.2.0 by migrating to parameterized Laravel controllers.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-89
  • Attack Vector: Network
  • CVSS v3.1: 9.1
  • EPSS Score: 0.00002
  • Impact: Database Compromise / Data Exfiltration
  • Exploit Status: Public PoC Available
  • KEV Status: Not Listed

Affected Systems

  • LibreNMS <= 25.12.0 (Fixed in: 26.2.0)

Code Analysis

Commit: 1542958

Rewrite address search backend to parameterized Query Builder

Exploit Details

  • GitHub: Unauthenticated SQL Injection PoC targeting the ajax_table.php IPv6 search functionality

Mitigation Strategies

  • Upgrade LibreNMS to version 26.2.0 or later.
  • Restrict access to the LibreNMS web interface to trusted internal IP addresses or VPN subnets.
  • Implement WAF rules to detect and block SQL injection attempts targeting the ajax_table.php endpoint.

Remediation Steps:

  1. Log into the LibreNMS application server.
  2. Run the update script (./daily.sh) to fetch the latest application updates.
  3. Verify the installed version is 26.2.0 or greater by checking the web interface or running ./validate.php.
  4. Review access logs for POST requests to ajax_table.php containing suspicious SQL syntax in the 'address' parameter to identify potential historical compromises.
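As an added example (not part of the original report or of LibreNMS), the following Python helper implements step 4 as a log review: it picks out ajax_table.php requests, pulls the 'address' parameter from the query string or a logged request body, and flags values that fall outside an address allow-list or contain SQL syntax. The sample log lines are constructed; the extra trailing quoted field holding the POST body and the character allow-list are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (not real traffic): combined log format plus one extra
# trailing quoted field holding the request body (assumes body logging is on).
SAMPLE_LOG = """\
10.0.0.5 - - [21/Feb/2026:10:01:02 +0000] "POST /ajax_table.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "address=2001%3Adb8%3A%3A1"
10.0.0.9 - - [21/Feb/2026:10:02:17 +0000] "POST /ajax_table.php HTTP/1.1" 200 8192 "-" "python-requests/2.31" "address=%27+UNION+SELECT+1%2C2%2C3--+"
10.0.0.7 - - [21/Feb/2026:10:03:44 +0000] "GET /ajax_table.php?address=fe80%3A%3A1 HTTP/1.1" 200 700 "-" "Mozilla/5.0" "-"
10.0.0.3 - - [21/Feb/2026:10:04:01 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*"(?: "(?P<body>[^"]*)")?'
)
# Allow-list (assumption): an address search term only needs hex digits, ':', '.', '/'.
ADDRESS_OK_RE = re.compile(r"^[0-9a-fA-F:./]*$")
# Generic SQL syntax that has no business in an address search term.
SQL_SYNTAX_RE = re.compile(
    r"'|--|/\*|;|\b(?:union|select|sleep|benchmark|drop|insert|update)\b", re.I)

def extract_address(target, body):
    """Decoded 'address' parameter from the query string or logged body, else None."""
    params = parse_qs(urlsplit(target).query)
    if body and body != "-":
        params.update(parse_qs(body))  # body values win over query-string values
    values = params.get("address")
    return values[0] if values else None

def classify_address(value):
    """Reasons the value looks injected; an empty list means it looks like an address."""
    reasons = []
    if not ADDRESS_OK_RE.match(value):
        reasons.append("characters outside address allow-list")
    if SQL_SYNTAX_RE.search(value):
        reasons.append("sql syntax present")
    return reasons

def find_suspicious_requests(log_text):
    """One dict per ajax_table.php request whose 'address' value fails classification."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not urlsplit(m["target"]).path.endswith("/ajax_table.php"):
            continue
        address = extract_address(m["target"], m["body"])
        if address is not None and (reasons := classify_address(address)):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "address": address, "reasons": reasons})
    return hits
```

The default combined log format does not record POST bodies, so for POST requests this review only works where body logging was already enabled; the query-string path still covers GET requests.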

Read the full report for CVE-2026-26988 on our website for more details including interactive diagrams and full exploit analysis.
