{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T12:32:36.693","vulnerabilities":[{"cve":{"id":"CVE-2026-26989","sourceIdentifier":"security-advisories@github.com","published":"2026-02-20T02:16:54.710","lastModified":"2026-02-20T16:25:20.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0."},{"lang":"es","value":"LibreNMS es una herramienta de monitorización de red basada en PHP/MySQL/SNMP con auto-descubrimiento. Las versiones 25.12.0 e inferiores están afectadas por una vulnerabilidad de Cross-Site Scripting Almacenado (XSS) en el flujo de trabajo de Reglas de Alerta. Un atacante con privilegios de administrador puede inyectar scripts maliciosos que se ejecuten en el contexto del navegador de cualquier usuario que acceda a la página de Reglas de Alerta. Este problema ha sido solucionado en la versión 26.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"C0838E1C-0369-4B31-9B51-83A5D2A7CAC9"}]}]}],"references":[{"url":"https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/librenms/librenms/pull/19039","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/librenms/librenms/releases/tag/26.2.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}