Security Advisory - Published 2026-06-25 - Cacti
Cacti 1.2.30 and earlier: check graph access, imports, and templates
This batch of Cacti issues affects 1.2.30 and earlier. The exposed paths are graph viewing (including guest access), package import handling, and graph template execution. Upgrade to 1.2.31, then review whether guest graph viewing was enabled and whether package imports, graph templates, or database error rates changed during the window the instance was exposed.
Affected Cacti issues
| CVE | Affected | Review area | CVSS |
|---|---|---|---|
| CVE-2026-39955 | <= 1.2.30 | SQL | 9.8 |
| CVE-2026-39948 | <= 1.2.30 | guest graphs | 9.3 |
| CVE-2026-40079 | <= 1.2.30 | templates | 8.6 |
| CVE-2026-39899 | <= 1.2.30 | imports | 6.9 |
Owner self-check
Run these from the Cacti install directory (the paths are relative to it). The `\|` alternation is GNU grep syntax.
grep -Rni 'CACTI_VERSION\|cacti_version' include global.php version.php 2>/dev/null
grep -Rni 'guest\|graph_view\|package_import\|graph template\|rrdtool' log logs apache nginx 2>/dev/null | tail -220
find . -type f -mtime -14 2>/dev/null | grep -E 'package_import|graph_view|rrd|template|\.log$|\.php$'
grep -Rni 'database error\|SQL\|RLIKE\|package import\|rrdtool' log logs 2>/dev/null | tail -160
What to review
- Cacti version and whether public or guest graph viewing is enabled.
- Recent package imports, plugin changes, uploaded packages, and unexpected filesystem changes.
- Graph templates, RRD activity, and web-server process activity around suspicious graph requests.
- Database errors, unusual graph_view.php access, and requests from unknown networks.
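A scripted form of the self-check above, added here as an example; it is not part of this advisory or of the Cacti project. It compares the installed version against 1.2.31 without relying on `sort -V`, and scans combined-format web logs for requests to graph_view.php and package_import.php from client addresses outside a trusted prefix, which is the "unknown networks" check from the list above. Assumptions: the script runs from the Cacti install directory, where Cacti keeps its version string in include/cacti_version; the trusted prefix (10.0. by default) is a placeholder for your own network; the embedded log lines are constructed for illustration, not captured traffic.

```shell
#!/bin/sh
# cacti_triage.sh: added triage helper, not Cacti project code.
# Assumptions: run from the Cacti install directory; web logs are in
# Apache/nginx combined format; one address prefix covers trusted networks.

FIXED_VERSION="1.2.31"   # first release carrying the fixes in this advisory

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Pure POSIX sh; compares up to three numeric components and drops any
# pre-release suffix such as "-rc1" before comparing.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s\n' "$1" | cut -d. -f"$i" | sed 's/[^0-9].*$//')
        b=$(printf '%s\n' "$2" | cut -d. -f"$i" | sed 's/[^0-9].*$//')
        a=${a:-0}; b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# cacti_version_affected VERSION: exit 0 when VERSION is 1.2.30 or older.
cacti_version_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# flag_untrusted_requests TRUSTED_PREFIX: read combined-format access log
# lines on stdin and print those that hit graph_view.php or
# package_import.php from a client address not starting with TRUSTED_PREFIX.
# In combined format field 1 is the client address and field 7 the path.
# A prefix match is a crude stand-in for a CIDR check (assumption).
flag_untrusted_requests() {
    awk -v prefix="$1" '
        index($1, prefix) != 1 && $7 ~ /(graph_view|package_import)\.php/ { print }
    '
}

# Constructed sample lines (not real traffic) used when no log path is given.
SAMPLE_LOG='10.0.0.5 - admin [25/Jun/2026:09:01:02 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [25/Jun/2026:09:03:11 +0000] "GET /cacti/graph_view.php?action=preview HTTP/1.1" 200 4096 "-" "python-requests/2.31"
198.51.100.23 - - [25/Jun/2026:09:03:14 +0000] "POST /cacti/package_import.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.7 - - [25/Jun/2026:09:05:00 +0000] "GET /cacti/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Jun/2026:09:06:30 +0000] "GET /cacti/index.php HTTP/1.1" 200 2048 "-" "curl/8.0"'

# main [LOGFILE] [TRUSTED_PREFIX]: report the version, then scan the log.
main() {
    if [ -r include/cacti_version ]; then
        ver=$(tr -d '[:space:]' < include/cacti_version)
        if cacti_version_affected "$ver"; then
            echo "Cacti $ver is in the affected range (below $FIXED_VERSION)"
        else
            echo "Cacti $ver is at or above $FIXED_VERSION"
        fi
    else
        echo "include/cacti_version not found; run from the Cacti install directory"
    fi
    prefix=${2:-10.0.}
    if [ -n "$1" ] && [ -r "$1" ]; then
        flag_untrusted_requests "$prefix" < "$1"
    else
        printf '%s\n' "$SAMPLE_LOG" | flag_untrusted_requests "$prefix"
    fi
}

main "$@"
```

Run as `sh cacti_triage.sh /var/log/apache2/access.log 10.0.` against a real log; with no arguments it scans the constructed sample, flagging the two 198.51.100.23 requests and nothing from the trusted prefix. Anything it prints is a starting point for the review list above, not proof of compromise: correlate the flagged requests with package uploads, template changes and database errors from the same time window.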
Safe fix path
- Upgrade Cacti to 1.2.31 or newer.
- Restrict Cacti to trusted networks while logs and templates are reviewed.
- Preserve web, database, and Cacti logs before clearing caches or imported packages.
- Rotate database and monitoring credentials if template or package activity looks suspicious.
Repair help
Use Ping7 CVE Repair when a Cacti instance exposed guest graphs, package imports, changed templates, or database errors that need incident review.