CVE-2024-51092

CriticalPublic PoC

Published: 08 May 2026

Published

08 May 2026

Modified

08 May 2026

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

EPSS Score 0.6022 98.3th percentile

Risk Priority 54 60% EPSS · 20% KEV · 20% CVSS

Description

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-78

References

https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw
cve@mitre.org
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
cve@mitre.org
https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw
134c704f-9b21-4f2e-91b3-4a467353bcc0