REPRO-2026-00101 HIGH RCE Verified

LibreNMS: Time-Based Blind SQL Injection in address-search

librenms/librenms (composer) Feb 19, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 11m 33s

Tool calls 123

Affected < 26.2.0

Fixed in 26.2.0

What's the vulnerability?

A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00101

or pruva-verify GHSA-79q9-wc6p-cf92

or pruva-verify CVE-2026-26990

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00101/artifacts/repro/reproduction_steps.sh

2

Make executable

chmod +x reproduction_steps.sh

3

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

repro/rca_report.md6.4 KB

repro/reproduction_steps.sh4.7 KB

bundle/ticket.md8.3 KB

bundle/source.json10.7 KB

bundle/ticket.json19.8 KB

logs/bypass_attempts.txt0.6 KB

logs/variant_analysis.txt2.1 KB

logs/reproduction_evidence.txt1.2 KB