Skip to main content

Cacti CVE-2026-40941

HIGH
Improper Verification of Cryptographic Signature (CWE-347)
N/A vendor:alpine
7.1
CVSS 4.0 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable, low-complexity JWT forgery needs an existing low-privilege session (PR:L); impact is integrity-only token tampering (I:H), with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vendor:alpine).

CVSS VectorVendor: vendor:alpine

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 25, 2026 - 23:28 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jun 25, 2026 - 23:28 vuln.today
Analysis Updated
Jun 25, 2026 - 23:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 25, 2026 - 23:22 vuln.today
cvss_changed
CVSS changed
Jun 25, 2026 - 23:22 NVD
7.1 (HIGH)
Analysis Generated
Jun 18, 2026 - 11:08 vuln.today

DescriptionCVE.org

Alpine Linux: cacti fixed in 1.2.31-0

AnalysisAI

JWT signature verification weakness in the Cacti network monitoring framework (fixed in 1.2.31) lets an authenticated low-privilege user forge or tamper with JSON Web Tokens whose signatures are not properly validated, undermining token integrity. The CWE-347 root cause combined with the vendor's 'Jwt Attack' and 'Information Disclosure' tags points to token forgery that can bypass intended authorization checks. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege Cacti account
Delivery
Reach JWT-handling endpoint over network
Exploit
Forge token with manipulated claims
Execution
Server accepts unverified signature (CWE-347)
Impact
Bypass authorization / assert elevated access

Vulnerability AssessmentAI

Exploitation Exploitation requires network reach to the Cacti web application and an existing low-privilege foothold (CVSS PR:L) - i.e., the attacker must already hold or obtain a valid low-level authenticated context to interact with the JWT-handling code path, after which they forge or alter a token whose signature Cacti fails to verify (CWE-347, 'Jwt Attack' tag). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N) describes a network-reachable, low-complexity flaw requiring some existing privilege (PR:L) with no user interaction, producing high integrity impact but no confidentiality or availability impact - consistent with token forgery/authorization bypass rather than data theft or service disruption. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged authenticated Cacti user (or an attacker who has obtained any valid low-level session) crafts a JWT with manipulated claims that the server accepts because its signature is not properly verified, allowing the attacker to assert elevated or unintended authorization. Because the attack is network-based with low complexity and no user interaction, it can be scripted against any reachable Cacti instance; no public POC was provided in the available data.
Remediation Vendor-released patch: Cacti 1.2.31 (Alpine package cacti 1.2.31-0) - upgrade all Cacti instances to 1.2.31 or later, which incorporates pull request #7054 fixing the JWT signature verification logic; see https://github.com/Cacti/cacti/releases/tag/release%2F1.2.31 and the advisory https://github.com/Cacti/cacti/security/advisories/GHSA-274c-97hj-pv2v. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Cacti deployments and their current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-40941 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy