CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

History

25 Jun 2026, 15:09

Type Values Removed Values Added
References () https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f - () https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f - Patch
References () https://github.com/Cacti/cacti/security/advisories/GHSA-pf37-v86f-5xwp - () https://github.com/Cacti/cacti/security/advisories/GHSA-pf37-v86f-5xwp - Vendor Advisory
CPE cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
First Time Cacti
Cacti cacti

25 Jun 2026, 00:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 00:17

Updated : 2026-06-26 19:16


NVD link : CVE-2026-39951

Mitre link : CVE-2026-39951

CVE.ORG link : CVE-2026-39951


JSON object : View

Products Affected

cacti

  • cacti
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')