[MEDIUM] LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

PKSA-vfym-rfx7-wjpv CVE-2026-27016 GHSA-fqx6-693c-f55g

Affected package: librenms/librenms

Affected version: >=24.10.0,<26.2.0

Reported by:
GitHub