Moderate severityNVD Advisory· Published Feb 20, 2026· Updated Feb 20, 2026
LibreNMS affected by reflected XSS via email field
CVE-2026-26987
Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
librenms/librenmsPackagist | < 26.2.0 | 26.2.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-gqx7-99jw-6fprghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26987ghsaADVISORY
- github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208bghsax_refsource_MISCWEB
- github.com/librenms/librenms/pull/19038ghsax_refsource_MISCWEB
- github.com/librenms/librenms/releases/tag/26.2.0ghsax_refsource_MISCWEB
- github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fprghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.