CVE Catalog
CVE-2026-40941
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.19%
8th percentile — higher than 8% of all known CVEs
Summary
In Cacti versions 1.2.30 and prior, a package import signature validation bypass allows self-signed packages. This issue has been fixed in version 1.2.31.
Risk Assessment
An attacker can inject malicious packages, leading to system integrity compromise and potential takeover of the monitored infrastructure.
Recommendation
Immediately update Cacti to version 1.2.31 or later, which includes the fix for this vulnerability.
Original NVD description (English source)
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.

