{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2728", "assignerOrgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "state": "PUBLISHED", "assignerShortName": "PRJBLK", "dateReserved": "2026-02-18T23:44:14.961Z", "datePublished": "2026-04-13T10:39:54.757Z", "dateUpdated": "2026-04-13T12:59:06.750Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "shortName": "PRJBLK", "dateUpdated": "2026-04-13T10:44:47.028Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "librenms", "product": "librenms", "versions": [{"status": "affected", "version": "0", "lessThan": "26.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.</div>"}]}], "references": [{"url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630", "tags": ["exploit"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T12:58:56.020584Z", "id": "CVE-2026-2728", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T12:59:06.750Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2728", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T12:58:56.020584Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T12:59:01.818Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "librenms", "product": "librenms", "versions": [{"status": "affected", "version": "0", "lessThan": "26.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630", "tags": ["exploit"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.", "supportingMedia": [{"type": "text/html", "value": "<div>LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"}]}], "providerMetadata": {"orgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "shortName": "PRJBLK", "dateUpdated": "2026-04-13T10:44:47.028Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2728", "state": "PUBLISHED", "dateUpdated": "2026-04-13T12:59:06.750Z", "dateReserved": "2026-02-18T23:44:14.961Z", "assignerOrgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "datePublished": "2026-04-13T10:39:54.757Z", "assignerShortName": "PRJBLK"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A43AE03C-7129-4F1F-B01C-28637F82A1B4", "versionEndExcluding": "26.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page."}], "id": "CVE-2026-2728", "lastModified": "2026-04-22T19:46:01.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "type": "Secondary"}]}, "published": "2026-04-13T11:16:05.407", "references": [{"source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "tags": ["Exploit", "Third Party Advisory"], "url": "https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630"}], "sourceIdentifier": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "librenms", "source": "cna", "vendor": "librenms"}, "product": "librenms", "vendor": "librenms"}], "analysis": {"en": {"generated_at": "2026-04-13T12:20:41.268489+00:00", "value": {"mitigation_remediation": ["Upgrade LibreNMS to version 26.3.0 or later"], "summary": {"action": "Patch", "impact": "Client\u2011side script execution (Cross\u2011Site Scripting) enabled by authenticated users"}, "threat_synthesis": {"affected_systems": "LibreNMS releases prior to version 26.3.0 are impacted when accessed via the web interface on the showconfig page. The flaw is limited to the LibreNMS product from the librenms vendor.", "description_and_impact": "The vulnerability is an authenticated Cross\u2011Site Scripting flaw in the showconfig page of LibreNMS. Only users with administrative privileges can inject malicious code; once the code runs it can affect any other user who subsequently visits the same page. The injected script can steal session cookies, modify page content, or perform other malicious actions within the victim\u2019s browser. This is a typical instance of CWE\u201179, where unsanitized user input is reflected in web content.", "risk_and_exploitability": "The CVSS score of 4.6 reflects a moderate impact, with no publicly reported exploitation probabilities or KEV listing. Exploitation requires valid administrative credentials, so the attack vector is an authenticated web interface. Because the vulnerability allows only client\u2011side code execution, it does not provide direct code execution on the server, but it can be used for user\u2011contamination or phishing attacks."}}}}, "created": "2026-04-13T12:36:45.465294+00:00", "title": "Authenticated Cross\u2011Site Scripting in LibreNMS showconfig Page", "updated": "2026-04-13T12:52:30.769079+00:00", "vendors": ["librenms", "librenms$PRODUCT$librenms"]}