CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

History

25 Jun 2026, 15:16

Type Values Removed Values Added
First Time Cacti
Cacti cacti
CPE cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
References () https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f - () https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f - Patch
References () https://github.com/Cacti/cacti/security/advisories/GHSA-gp82-qhrg-crv7 - () https://github.com/Cacti/cacti/security/advisories/GHSA-gp82-qhrg-crv7 - Vendor Advisory

24 Jun 2026, 23:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-24 23:16

Updated : 2026-06-26 05:16


NVD link : CVE-2026-39955

Mitre link : CVE-2026-39955

CVE.ORG link : CVE-2026-39955


JSON object : View

Products Affected

cacti

  • cacti
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')