CVE Catalog

CVE-2026-39951

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary SQL queries on the database, potentially leading to data leakage, modification, or deletion, as well as privilege escalation within the system.

Recommendation

Immediately update Cacti to version 1.2.31 or later. If updating is not possible, restrict access to the Reports feature to trusted users only.

Original NVD description (English source)

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS