DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-2728: CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration

#security #cve #cybersecurity

CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration

Vulnerability ID: CVE-2026-2728
CVSS Score: 4.8
Published: 2026-05-18

LibreNMS versions prior to 26.3.0 contain an authenticated Stored Cross-Site Scripting (XSS) vulnerability within the RANCID integration settings. The flaw occurs during the generation of the RANCID configuration repository link on the showconfig page, where user-supplied input is improperly neutralized before being inserted into an HTML href attribute. An attacker with administrative privileges can execute arbitrary JavaScript in the browser context of other administrators who view the affected page.

TL;DR

An authenticated Stored XSS vulnerability in the LibreNMS showconfig page allows administrative users to inject malicious scripts via the RANCID repository URL setting. This script executes when other administrators view the device configuration page, potentially leading to session hijacking or privilege abuse.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79
  • Attack Vector: Network
  • CVSS v3.1 Score: 4.8
  • EPSS Score: 0.00004
  • Impact: High (Session Hijacking / Privilege Abuse)
  • Exploit Status: Proof of Concept Available
  • CISA KEV: Not Listed

Affected Systems

  • LibreNMS
  • LibreNMS: < 26.3.0 (Fixed in: 26.3.0)

Exploit Details

  • Project Black: Technical analysis and Proof of Concept detailing the payload structure and execution requirements.

Mitigation Strategies

  • Upgrade to patched software version
  • Disable unused external integrations
  • Restrict administrative privileges
  • Monitor configuration changes

Remediation Steps:

  1. Verify current LibreNMS version installed on the server.
  2. If the version is below 26.3.0, schedule a maintenance window.
  3. Back up the LibreNMS database and application files.
  4. Execute the standard LibreNMS upgrade script (e.g., ./daily.sh or Git pull) to update to 26.3.0 or newer.
  5. Verify functionality of the showconfig page to ensure the RANCID repository URL generates correctly without executing injected scripts.

References

Read the full report for CVE-2026-2728 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)