Skip to main content

Cacti CVE-2026-40082

MEDIUM
Session Fixation (CWE-384)
N/A vendor:alpine
5.4
CVSS 3.1 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from Vendor (vendor:alpine) · only source for this CVE.

CVSS VectorVendor: vendor:alpine

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
CVSS changed
Jun 25, 2026 - 23:22 NVD
5.4 (MEDIUM)
Analysis Generated
Jun 18, 2026 - 11:08 vuln.today

DescriptionCVE.org

Alpine Linux: cacti fixed in 1.2.31-0

AnalysisAI

Cacti, the network monitoring and graphing tool, received a security fix in Alpine Linux package version 1.2.31-0. The specific vulnerability class, technical root cause, and impact scope are not disclosed in the available intelligence. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Unknown attack vector
Exploit
Trigger undisclosed vulnerability in Cacti
Impact
Achieve undisclosed impact

Vulnerability AssessmentAI

Exploitation No exploitation conditions can be determined from the available data - the CVE description contains only a package fix version string with no vulnerability narrative. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk assessment is severely constrained by the absence of a CVSS score, CVSS vector, CWE, EPSS score, KEV status, and any descriptive narrative beyond the fix version string. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Without a disclosed vulnerability class, a realistic exploit scenario cannot be constructed. Cacti's attack surface historically includes its web interface (authenticated and unauthenticated endpoints), SNMP data ingest pathways, and CLI tooling. …
Remediation Upgrade the Cacti package on Alpine Linux to version 1.2.31-0 or later using the standard Alpine package manager (apk upgrade cacti). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-12965 CRITICAL POC
9.8 Aug 23

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID pa

CVE-2025-28242 CRITICAL POC
9.8 Apr 18

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session

CVE-2022-40916 CRITICAL POC
9.8 Feb 06

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2025-45949 CRITICAL POC
9.8 Apr 28

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /login

CVE-2023-48929 CRITICAL POC
9.8 Dec 08

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. Rated criti

CVE-2023-41012 CRITICAL POC
9.8 Sep 05

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to exe

CVE-2023-31498 CRITICAL POC
9.8 May 11

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to ex

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2021-39290 CRITICAL POC
9.8 Aug 23

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. Rated critical severity (CVSS 9.8), this vulnera

CVE-2020-11729 CRITICAL POC
9.8 Apr 15

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this v

CVE-2019-18418 CRITICAL POC
9.8 Oct 24

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be

CVE-2018-18925 CRITICAL POC
9.8 Nov 04

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s

Share

CVE-2026-40082 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy