Cacti security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect Cacti products.
Vulnios continuously monitors Cacti CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Cacti security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2026-39948 — cacti — cacti
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_
critical CVE-2026-39948

Critical Vulnerability: CVE-2026-40079 — cacti — cacti
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The esca
critical CVE-2026-40079

Critical Vulnerability: CVE-2017-12065 — cacti — cacti
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
critical CVE-2017-12065