Unrated severityNVD Advisory· Published Jun 24, 2026

Cacti: Unauthenticated RCE on Graph Image

CVE-2026-39938

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cacti (software)/Cactillm-fuzzy
Range: <=1.2.30

Patches

Vulnerability mechanics

References

github.com/Cacti/cacti/commit/9871f0cef9af285398d558c9b3188d5977e01a04mitrex_refsource_MISC
github.com/Cacti/cacti/security/advisories/GHSA-rm7p-qcqm-x5m6mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000