Cacti
Monthly
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
SQL injection (CWE-89) in the Cacti open-source network monitoring platform is resolved in version 1.2.31, distributed by Alpine Linux as cacti 1.2.31-0 and tracked upstream in Cacti PR #7039 and advisory GHSA-69gg-mjfm-jjpc. The assigned CVSS 3.1 vector (9.8, AV:N/AC:L/PR:N/UI:N) describes a network-reachable, no-interaction database injection, though Cacti's console pages historically require an authenticated session, so the PR:N rating should be verified against the GHSA advisory. There is no public exploit identified at time of analysis and no CISA KEV or EPSS data was supplied, so active-exploitation risk cannot be confirmed from the available inputs.
Cacti, the open-source network graphing and monitoring solution, received a security fix in Alpine Linux package version 1.2.31-0. The specific vulnerability class, impact, and exploitation conditions are not disclosed in available intelligence - only the patched package version in the Alpine Linux ecosystem is confirmed. Security teams running Cacti on Alpine Linux should treat this as a security-relevant update pending fuller disclosure.
SQL injection in Cacti's graph filtering logic (fixed in 1.2.31) lets remote attackers inject arbitrary SQL through the 'rfilter' request parameter, which was concatenated directly into RLIKE clauses without escaping. The flaw affects the aggregate graph and graph-tree views (aggregate_graphs.php, lib/html_tree.php) and additionally the sortable column/direction parameters, enabling extraction or manipulation of monitoring database contents. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but a vendor patch and security advisory (GHSA-9jqv-4cpm-vm2c) confirm the issue.
Multiple input-validation and injection weaknesses in Cacti, the open-source network/operational monitoring and fault-management framework, are remediated in version 1.2.31 (Alpine package 1.2.31-0). The Alpine advisory and NVD classify the issue as SQL injection (CWE-89, CVSS 9.8), but the referenced upstream commit is a security rollup that fixes command injection in the data-input handler, CSV/formula injection in host and device exports, and a path-traversal in the external-links iframe loader. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
SQL injection (CWE-89) in the Cacti network monitoring platform allows an authenticated, high-privileged user to inject crafted SQL that compromises confidentiality, integrity, and availability of the backend database, as tracked by Alpine Linux and fixed in package version 1.2.31-0. The flaw was disclosed via Cacti's GitHub security advisory GHSA-j9jv-6xjq-9hhj and remediated in upstream Cacti release 1.2.31. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cacti, the open-source network monitoring and graphing solution, contains an unspecified vulnerability addressed in Alpine Linux package version 1.2.31-0. The vulnerability type, affected component, and attacker-accessible impact are not disclosed in the available intelligence. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, leaving severity and exploitation conditions uncharacterized from the data provided.
Path traversal in Cacti's RRDtool theme handling (lib/rrd.php) lets an attacker manipulate the 'graph_theme' value to escape the themes directory and force inclusion of an attacker-influenced 'rrdtheme.php' from an arbitrary path, fixed in Cacti 1.2.31 (Alpine package 1.2.31-0). Because the traversed path is appended to base_path and ultimately included by PHP, successful exploitation can lead to local file inclusion and potential code execution. No public exploit identified at time of analysis and the issue is not on CISA KEV; an upstream source-code fix (basename() sanitization) is publicly available.
Cacti, the network monitoring and graphing tool packaged for Alpine Linux, was patched at version 1.2.31-0 to address CVE-2026-39899. The nature, class, and severity of the underlying vulnerability are not disclosed in available data - no description, CWE, or CVSS vector was provided. No public exploit and no CISA KEV listing have been identified at time of analysis.
SQL injection in Cacti, the open-source network monitoring and graphing platform, lets an authenticated low-privilege user inject crafted database queries (CWE-89), yielding full confidentiality, integrity, and availability impact; it is fixed in version 1.2.31 (Alpine package 1.2.31-0). The flaw is reachable over the network without user interaction, but EPSS is low (0.19%, 8th percentile), there is no public exploit identified at time of analysis, and it is not on CISA KEV. Upstream advisory GHSA-pf37-v86f-5xwp and the consolidated fix commit address this alongside several related hardening fixes.
Cacti network monitoring software received a security fix packaged as version 1.2.31-0 in Alpine Linux, addressing CVE-2026-40084. The upstream vulnerability details - including attack vector, root cause, and impact - are not disclosed in available intelligence sources. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
OS command injection in Cacti network monitoring (fixed in 1.2.31) lets an authenticated administrative user inject shell metacharacters into a Data Input Method's input string, which Cacti passes to the shell when running data-collection scripts, yielding code execution on the poller host. The 1.2.31 hardening (advisory GHSA-xq98-376r-hv9j) also closes CSV/formula injection in host and automation exports, a content-file path traversal in index.php, and unsafe rrdtool argument handling. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cacti, the network monitoring and graphing tool, received a security fix in Alpine Linux package version 1.2.31-0. The specific vulnerability class, technical root cause, and impact scope are not disclosed in the available intelligence. No CVSS score, CWE identifier, or advisory narrative accompanies this CVE at time of analysis, making independent severity assessment impossible from provided data alone.
JWT signature verification weakness in the Cacti network monitoring framework (fixed in 1.2.31) lets an authenticated low-privilege user forge or tamper with JSON Web Tokens whose signatures are not properly validated, undermining token integrity. The CWE-347 root cause combined with the vendor's 'Jwt Attack' and 'Information Disclosure' tags points to token forgery that can bypass intended authorization checks. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; it was reported through the Alpine Linux vendor channel and patched upstream by the Cacti project.
Cacti, a network graphing and monitoring solution, has a vulnerability addressed by Alpine Linux in package version 1.2.31-0. The nature of the flaw, its impact class, and affected attack surface are not described in the available intelligence - only the fix version is confirmed. Security teams should treat this as a priority update for Alpine Linux deployments running Cacti below version 1.2.31-0 until upstream details are published.
Cacti, the open-source network graphing and monitoring tool, received a security fix in Alpine Linux package version 1.2.31-0. The CVE record contains only a terse Alpine Linux vendor advisory noting the fix - no vulnerability description, CVSS scoring, CWE classification, or exploit data is available at time of analysis. Security teams should treat this as a patch-track item pending full NVD enrichment, and upgrade Alpine-packaged Cacti installations to 1.2.31-0 or later as a precaution.
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
SQL injection (CWE-89) in the Cacti open-source network monitoring platform is resolved in version 1.2.31, distributed by Alpine Linux as cacti 1.2.31-0 and tracked upstream in Cacti PR #7039 and advisory GHSA-69gg-mjfm-jjpc. The assigned CVSS 3.1 vector (9.8, AV:N/AC:L/PR:N/UI:N) describes a network-reachable, no-interaction database injection, though Cacti's console pages historically require an authenticated session, so the PR:N rating should be verified against the GHSA advisory. There is no public exploit identified at time of analysis and no CISA KEV or EPSS data was supplied, so active-exploitation risk cannot be confirmed from the available inputs.
Cacti, the open-source network graphing and monitoring solution, received a security fix in Alpine Linux package version 1.2.31-0. The specific vulnerability class, impact, and exploitation conditions are not disclosed in available intelligence - only the patched package version in the Alpine Linux ecosystem is confirmed. Security teams running Cacti on Alpine Linux should treat this as a security-relevant update pending fuller disclosure.
SQL injection in Cacti's graph filtering logic (fixed in 1.2.31) lets remote attackers inject arbitrary SQL through the 'rfilter' request parameter, which was concatenated directly into RLIKE clauses without escaping. The flaw affects the aggregate graph and graph-tree views (aggregate_graphs.php, lib/html_tree.php) and additionally the sortable column/direction parameters, enabling extraction or manipulation of monitoring database contents. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but a vendor patch and security advisory (GHSA-9jqv-4cpm-vm2c) confirm the issue.
Multiple input-validation and injection weaknesses in Cacti, the open-source network/operational monitoring and fault-management framework, are remediated in version 1.2.31 (Alpine package 1.2.31-0). The Alpine advisory and NVD classify the issue as SQL injection (CWE-89, CVSS 9.8), but the referenced upstream commit is a security rollup that fixes command injection in the data-input handler, CSV/formula injection in host and device exports, and a path-traversal in the external-links iframe loader. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
SQL injection (CWE-89) in the Cacti network monitoring platform allows an authenticated, high-privileged user to inject crafted SQL that compromises confidentiality, integrity, and availability of the backend database, as tracked by Alpine Linux and fixed in package version 1.2.31-0. The flaw was disclosed via Cacti's GitHub security advisory GHSA-j9jv-6xjq-9hhj and remediated in upstream Cacti release 1.2.31. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cacti, the open-source network monitoring and graphing solution, contains an unspecified vulnerability addressed in Alpine Linux package version 1.2.31-0. The vulnerability type, affected component, and attacker-accessible impact are not disclosed in the available intelligence. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, leaving severity and exploitation conditions uncharacterized from the data provided.
Path traversal in Cacti's RRDtool theme handling (lib/rrd.php) lets an attacker manipulate the 'graph_theme' value to escape the themes directory and force inclusion of an attacker-influenced 'rrdtheme.php' from an arbitrary path, fixed in Cacti 1.2.31 (Alpine package 1.2.31-0). Because the traversed path is appended to base_path and ultimately included by PHP, successful exploitation can lead to local file inclusion and potential code execution. No public exploit identified at time of analysis and the issue is not on CISA KEV; an upstream source-code fix (basename() sanitization) is publicly available.
Cacti, the network monitoring and graphing tool packaged for Alpine Linux, was patched at version 1.2.31-0 to address CVE-2026-39899. The nature, class, and severity of the underlying vulnerability are not disclosed in available data - no description, CWE, or CVSS vector was provided. No public exploit and no CISA KEV listing have been identified at time of analysis.
SQL injection in Cacti, the open-source network monitoring and graphing platform, lets an authenticated low-privilege user inject crafted database queries (CWE-89), yielding full confidentiality, integrity, and availability impact; it is fixed in version 1.2.31 (Alpine package 1.2.31-0). The flaw is reachable over the network without user interaction, but EPSS is low (0.19%, 8th percentile), there is no public exploit identified at time of analysis, and it is not on CISA KEV. Upstream advisory GHSA-pf37-v86f-5xwp and the consolidated fix commit address this alongside several related hardening fixes.
Cacti network monitoring software received a security fix packaged as version 1.2.31-0 in Alpine Linux, addressing CVE-2026-40084. The upstream vulnerability details - including attack vector, root cause, and impact - are not disclosed in available intelligence sources. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
OS command injection in Cacti network monitoring (fixed in 1.2.31) lets an authenticated administrative user inject shell metacharacters into a Data Input Method's input string, which Cacti passes to the shell when running data-collection scripts, yielding code execution on the poller host. The 1.2.31 hardening (advisory GHSA-xq98-376r-hv9j) also closes CSV/formula injection in host and automation exports, a content-file path traversal in index.php, and unsafe rrdtool argument handling. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cacti, the network monitoring and graphing tool, received a security fix in Alpine Linux package version 1.2.31-0. The specific vulnerability class, technical root cause, and impact scope are not disclosed in the available intelligence. No CVSS score, CWE identifier, or advisory narrative accompanies this CVE at time of analysis, making independent severity assessment impossible from provided data alone.
JWT signature verification weakness in the Cacti network monitoring framework (fixed in 1.2.31) lets an authenticated low-privilege user forge or tamper with JSON Web Tokens whose signatures are not properly validated, undermining token integrity. The CWE-347 root cause combined with the vendor's 'Jwt Attack' and 'Information Disclosure' tags points to token forgery that can bypass intended authorization checks. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; it was reported through the Alpine Linux vendor channel and patched upstream by the Cacti project.
Cacti, a network graphing and monitoring solution, has a vulnerability addressed by Alpine Linux in package version 1.2.31-0. The nature of the flaw, its impact class, and affected attack surface are not described in the available intelligence - only the fix version is confirmed. Security teams should treat this as a priority update for Alpine Linux deployments running Cacti below version 1.2.31-0 until upstream details are published.
Cacti, the open-source network graphing and monitoring tool, received a security fix in Alpine Linux package version 1.2.31-0. The CVE record contains only a terse Alpine Linux vendor advisory noting the fix - no vulnerability description, CVSS scoring, CWE classification, or exploit data is available at time of analysis. Security teams should treat this as a patch-track item pending full NVD enrichment, and upgrade Alpine-packaged Cacti installations to 1.2.31-0 or later as a precaution.