A critical SQL injection vulnerability in LibreNMS allows attackers to execute arbitrary database commands and potentially compromise sensitive network monitoring data.

The vulnerability exists within the ajax_table.php endpoint during the processing of IPv6 searches. The application fails to sanitize the "address" parameter, specifically concatenating the prefix portion directly into an SQL query string, allowing for unauthenticated or low-privileged SQL injection.

A successful SQL injection attack could result in the disclosure of sensitive network topology data, device credentials, and configuration information stored in the LibreNMS database. With a CVSS score of 9.1, this represents a high risk to the confidentiality and integrity of the organization’s network monitoring infrastructure.

Immediate Action: Update LibreNMS to version 26.2.0 or higher to apply the security fix for the ajax_table.php endpoint.

Proactive Monitoring: Review database query logs for unusual syntax or errors related to IPv6 address lookups and monitor for unauthorized data export attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules designed to detect and block SQL injection patterns in AJAX requests.

Public Exploit Available: No

The immediate application of the version 26.2.0 patch is critical. Because LibreNMS holds sensitive information about the entire network, any database compromise could serve as a stepping stone for wider corporate network infiltration.