CVE-2026-2728
Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page
Description
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gm9-622f-qcg5. This link is maintained to preserve external references. ## Original Description LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.
How to fix CVE-2026-2728
To remediate CVE-2026-2728, upgrade the affected package to a fixed version below.
- —upgrade to 26.3.0 or later
- —upgrade to 26.3.0 or later
Is CVE-2026-2728 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 25.12.0, < 26.3.0
- from 0, < 26.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
| osv | CVSS 3.1 | LOW3.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |