GHSA-7549-ggpq-22w8: Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

April 13, 2026 (updated April 14, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references.

Original Description

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.

References

github.com/advisories/GHSA-7549-ggpq-22w8
github.com/librenms/librenms
github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh
nvd.nist.gov/vuln/detail/CVE-2026-6204
projectblack.io/blog/librenms-authenticated-rce-and-xss/

Code Behaviors & Features

Detect and mitigate GHSA-7549-ggpq-22w8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →