Skip to main content

Cacti CVE-2026-40083

HIGH
SQL Injection (CWE-89)
N/A vendor:alpine
7.2
CVSS 3.1 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Web-reachable SQLi gives AV:N/AC:L, but it requires a privileged Cacti account so PR:H; full database read/write yields C:H/I:H/A:H with no scope change.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vendor:alpine).

CVSS VectorVendor: vendor:alpine

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jun 25, 2026 - 23:29 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jun 25, 2026 - 23:29 vuln.today
Analysis Updated
Jun 25, 2026 - 23:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 25, 2026 - 23:22 vuln.today
cvss_changed
CVSS changed
Jun 25, 2026 - 23:22 NVD
7.2 (HIGH)
Analysis Generated
Jun 18, 2026 - 11:02 vuln.today

DescriptionCVE.org

Alpine Linux: cacti fixed in 1.2.31-0

AnalysisAI

SQL injection (CWE-89) in the Cacti network monitoring platform allows an authenticated, high-privileged user to inject crafted SQL that compromises confidentiality, integrity, and availability of the backend database, as tracked by Alpine Linux and fixed in package version 1.2.31-0. The flaw was disclosed via Cacti's GitHub security advisory GHSA-j9jv-6xjq-9hhj and remediated in upstream Cacti release 1.2.31. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Inventory all Cacti instances and document current deployed versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cacti

View all
CVE-2025-24367 HIGH POC
8.7 Jan 27

Cacti monitoring platform prior to version 1.2.29 allows authenticated users to achieve remote code execution through th

CVE-2022-46169 CRITICAL POC
9.8 Dec 05

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram

CVE-2023-49085 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-49084 HIGH POC
8.8 Dec 21

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).

CVE-2020-14295 HIGH POC
7.2 Jun 17

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. Rated high se

CVE-2023-39361 CRITICAL POC
9.8 Sep 05

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this

CVE-2017-1000031 HIGH POC
8.8 Jul 17

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary S

CVE-2015-8604 HIGH POC
8.8 Apr 11

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote

CVE-2016-3659 HIGH POC
8.8 Apr 11

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQ

CVE-2016-3172 HIGH POC
8.8 Apr 12

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitra

CVE-2025-66399 HIGH POC
8.8 Dec 02

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i

CVE-2023-51448 HIGH POC
8.8 Dec 22

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerabil

Share

CVE-2026-40083 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy