Skip to main content

Cacti CVE-2026-39955

CRITICAL
SQL Injection (CWE-89)
N/A vendor:alpine
9.8
CVSS 3.1 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable web app (AV:N/AC:L), but the affected data-input/export/console functions require an authenticated session, so PR:L rather than PR:N; injection yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vendor:alpine).

CVSS VectorVendor: vendor:alpine

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jun 24, 2026 - 23:29 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jun 24, 2026 - 23:28 vuln.today
Analysis Updated
Jun 24, 2026 - 23:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 24, 2026 - 23:22 vuln.today
cvss_changed
CVSS changed
Jun 24, 2026 - 23:22 NVD
9.8 (CRITICAL)
Analysis Generated
Jun 18, 2026 - 11:03 vuln.today

DescriptionCVE.org

Alpine Linux: cacti fixed in 1.2.31-0

AnalysisAI

Multiple input-validation and injection weaknesses in Cacti, the open-source network/operational monitoring and fault-management framework, are remediated in version 1.2.31 (Alpine package 1.2.31-0). The Alpine advisory and NVD classify the issue as SQL injection (CWE-89, CVSS 9.8), but the referenced upstream commit is a security rollup that fixes command injection in the data-input handler, CSV/formula injection in host and device exports, and a path-traversal in the external-links iframe loader. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all Cacti deployments; document current versions; verify network segmentation; review access logs for exploitation attempts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cacti

View all
CVE-2025-24367 HIGH POC
8.7 Jan 27

Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through th

CVE-2022-46169 CRITICAL POC
9.8 Dec 05

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram

CVE-2023-49085 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-49084 HIGH POC
8.8 Dec 21

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).

CVE-2020-14295 HIGH POC
7.2 Jun 17

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. Rated high se

CVE-2023-39361 CRITICAL POC
9.8 Sep 05

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this

CVE-2017-1000031 HIGH POC
8.8 Jul 17

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary S

CVE-2015-8604 HIGH POC
8.8 Apr 11

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote

CVE-2016-3659 HIGH POC
8.8 Apr 11

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQ

CVE-2016-3172 HIGH POC
8.8 Apr 12

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitra

CVE-2025-66399 HIGH POC
8.8 Dec 02

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i

CVE-2023-51448 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

Share

CVE-2026-39955 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy