Cacti is an open-source performance and fault management framework. Versions 1.2.30 and prior have an unauthenticated local file inclusion (LFI) through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.
References
| Link | Resource |
|---|---|
| https://github.com/Cacti/cacti/commit/9871f0cef9af285398d558c9b3188d5977e01a04 | Patch |
| https://github.com/Cacti/cacti/security/advisories/GHSA-rm7p-qcqm-x5m6 | Patch, Vendor Advisory |
History
25 Jun 2026, 14:59
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* | |
| First Time | Cacti; Cacti cacti | |
| References | () https://github.com/Cacti/cacti/commit/9871f0cef9af285398d558c9b3188d5977e01a04 - Patch | |
| References | () https://github.com/Cacti/cacti/security/advisories/GHSA-rm7p-qcqm-x5m6 - Patch, Vendor Advisory | |
24 Jun 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-24 23:16
Updated : 2026-06-26 05:16
NVD link : CVE-2026-39938
Mitre link : CVE-2026-39938
CVE.ORG link : CVE-2026-39938
Products Affected
cacti
- cacti
