CVE Catalog

CVE-2026-39899

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.

Risk Assessment

An attacker can exploit the vulnerability to read or write files outside the allowed directory, potentially leading to data leakage or system compromise.

Recommendation

It is recommended to immediately upgrade Cacti to version 1.2.31 or later. Also restrict access to package_import.php to trusted users only.

Original NVD description (English source)

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS