CVE Catalog
CVE-2026-39897
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.27%
18th percentile — higher than 18% of all known CVEs
Summary
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer, which has been fixed in version 1.2.31.
Risk Assessment
Organizations using vulnerable versions may be exposed to XSS attacks, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to upgrade to version 1.2.31 or later to mitigate this vulnerability.
Original NVD description (English source)
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.

