CVE-2020-36947 HIGH

CVE-2020-36947: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection

Vendor Librenms

Product LibreNMS

Weakness CWE-89 · SQLi

Published January 27, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Key dates

02Disclosure timeline

January 27, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-36947

Related vulnerabilities

CVE-2020-36947: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE