{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30480", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T12:06:38.149Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:16:57.969Z"}, "descriptions": [{"lang": "en", "value": "A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-98", "lang": "en", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T11:36:04.773065Z", "id": "CVE-2026-30480", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:06:38.149Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30480", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T11:36:04.773065Z"}}}], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T11:36:52.276Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480"}], "descriptions": [{"lang": "en", "value": "A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:16:57.969Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30480", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:06:38.149Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter."}], "id": "CVE-2026-30480", "lastModified": "2026-04-17T15:24:57.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T15:16:27.337", "references": [{"source": "cve@mitre.org", "url": "https://github.com/parlakbarann/CVE-2026-30480"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/parlakbarann/CVE-2026-30480"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "22.11.0-23-gd091788f2"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "librenms", "vendor": "librenms"}], "analysis": {"en": {"generated_at": "2026-04-18T09:29:49.902579+00:00", "value": {"mitigation_remediation": ["Apply a LibreNMS update newer than build 22.11.0\u201123", "Disable the NFSen module if an update is not immediately possible", "Restrict the nfsen parameter to allow only whitelisted file names", "Enforce strong, unique passwords for all user accounts to reduce the risk of authenticated exploitation", "Monitor log files for anomalous inclusion attempts and audit file access patterns"], "summary": {"action": "Update", "impact": "Local File Inclusion that allows authenticated users to include arbitrary PHP files"}, "threat_synthesis": {"affected_systems": "The vulnerability appears in LibreNMS build 22.11.0\u201123-gd091788f2 and any preceding or equivalent builds that contain the vulnerable nfsen.inc.php handler with the NFSen module enabled. Deployments that have removed or disabled the NFSen module are not vulnerable.", "description_and_impact": "A Local File Inclusion vulnerability exists in the NFSen module of LibreNMS. The flaw allows an authenticated attacker to supply path\u2011traversal sequences in the nfsen parameter, causing the application to include arbitrary PHP files from the server filesystem. Including an arbitrary PHP file could expose sensitive configuration data or other information stored on the host. The weakness is characterized by CWE-98.", "risk_and_exploitability": "The exploit requires valid credentials to allow a user to submit the nfsen parameter. The vulnerability is an LFI that does not require elevated privileges or kernel level access, making it relatively straightforward for an attacker with access. The CVSS score is 6.5 and the EPSS score is less than 1%, indicating a moderate severity with low probability of exploitation; the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an authenticated web request that manipulates the nfsen parameter with path\u2011traversal sequences. Based on the description, it is inferred that the attacker could read or include sensitive files, though concrete execution impact is not confirmed in the payload."}}}}, "created": "2026-04-14T16:16:52.599788+00:00", "title": "Authenticated LFI in LibreNMS NFSen Module Exposes Arbitrary PHP Files", "updated": "2026-04-18T09:30:25.695654+00:00", "vendors": ["librenms", "librenms$PRODUCT$librenms"]}