Cacti
CVEs (170)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40080 | | | 0.00 | — | 0.00 | | Jun 26, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at str_contains($referer, CACTI_PATH_URL). When the user's login_opts == '1' (redirect to referer… |
| CVE-2026-40083 | | | 0.00 | — | 0.00 | | Jun 26, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling… |
| CVE-2026-40079 | | | 0.00 | — | 0.01 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged.… |
| CVE-2026-39951 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31. |
| CVE-2026-39948 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses… |
| CVE-2026-39955 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31. |
| CVE-2026-39938 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31. |
| CVE-2026-39900 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via the tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31. |
| CVE-2026-39899 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via the filename parameter in package_import.php. This issue has been fixed in version 1.2.31. |
| CVE-2026-39897 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31. |
| CVE-2026-39894 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric()… |
| CVE-2026-39893 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the… |
| CVE-2025-66399 | | | 0.00 | — | 0.11 | | Dec 2, 2025 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including… |
| CVE-2025-26520 | | | 0.00 | — | 0.00 | | Feb 12, 2025 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146. |
| CVE-2025-24368 | | | 0.00 | — | 0.00 | | Jan 27, 2025 | Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.php, resulting in SQL… |
| CVE-2025-22604 | | | 0.00 | — | 0.05 | | Jan 27, 2025 | Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used… |
| CVE-2024-54145 | | | 0.00 | — | 0.01 | | Jan 27, 2025 | Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. |
| CVE-2024-45598 | | | 0.00 | — | 0.03 | | Jan 27, 2025 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in the Configuration->Settings->Paths tab to a local file inside the server. Then simply… |
| CVE-2024-43365 | | | 0.00 | — | 0.23 | | Oct 7, 2024 | Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to the user in… |
| CVE-2024-43364 | | | 0.00 | — | 0.34 | | Oct 7, 2024 | Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to… |