Skip to main content

Cacti CVE-2026-39951

HIGH
SQL Injection (CWE-89)
N/A vendor:alpine
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable web console with low complexity, but a console account is required so PR:L (not PR:N); a SQLi grants full database read/write, justifying C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Analysis Updated
Jun 25, 2026 - 15:28 vuln.today
v5 (cvss_changed)
Analysis Updated
Jun 25, 2026 - 15:28 vuln.today
v4 (cvss_changed)
CVSS changed
Jun 25, 2026 - 15:22 NVD
7.6 (HIGH) 8.8 (HIGH)
Analysis Updated
Jun 25, 2026 - 00:28 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jun 25, 2026 - 00:28 vuln.today
Analysis Updated
Jun 25, 2026 - 00:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 25, 2026 - 00:22 vuln.today
cvss_changed
CVSS changed
Jun 25, 2026 - 00:22 NVD
7.6 (HIGH)
Analysis Generated
Jun 18, 2026 - 11:02 vuln.today

DescriptionNVD

Alpine Linux: cacti fixed in 1.2.31-0

AnalysisAI

SQL injection in Cacti, the open-source network monitoring and graphing platform, lets an authenticated low-privilege user inject crafted database queries (CWE-89), yielding full confidentiality, integrity, and availability impact; it is fixed in version 1.2.31 (Alpine package 1.2.31-0). The flaw is reachable over the network without user interaction, but EPSS is low (0.19%, 8th percentile), there is no public exploit identified at time of analysis, and it is not on CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify and document all Cacti deployments in your environment. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cacti

View all
CVE-2025-24367 HIGH POC
8.7 Jan 27

Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through th

CVE-2022-46169 CRITICAL POC
9.8 Dec 05

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram

CVE-2023-49085 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-49084 HIGH POC
8.8 Dec 21

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).

CVE-2020-14295 HIGH POC
7.2 Jun 17

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. Rated high se

CVE-2023-39361 CRITICAL POC
9.8 Sep 05

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this

CVE-2017-1000031 HIGH POC
8.8 Jul 17

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary S

CVE-2015-8604 HIGH POC
8.8 Apr 11

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote

CVE-2016-3659 HIGH POC
8.8 Apr 11

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQ

CVE-2016-3172 HIGH POC
8.8 Apr 12

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitra

CVE-2025-66399 HIGH POC
8.8 Dec 02

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i

CVE-2023-51448 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

Share

CVE-2026-39951 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy