PT-2026-52142 · Cacti · Cacti
Published 2026-06-24 · Updated 2026-06-25 · CVE-2026-40079
CVSS v4.0: 8.6 (High)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandline). The risk is in rrd_execute(), where text_format values from graph templates (which may contain host variable substitutions) reach shell_exec() without adequate escaping. This issue has been addressed in version 1.2.31.
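The pattern described above, as an added illustration that is not Cacti's code and not the 1.2.31 patch: a "sanitizer" that returns the whole command string unchanged protects nothing, whereas quoting each untrusted value individually with PHP's built-in escapeshellarg() before joining the command keeps template text from being parsed as shell syntax. The function names escape_command_noop() and build_graph_command(), the sample title and the DEF/LINE arguments are assumptions constructed for this example.

```php
<?php
// Added example (not from the Cacti project): a no-op whole-string "escape"
// beside per-argument quoting of values that originate in graph templates.

// Shape of the vulnerable pattern named in the advisory: the input is returned
// untouched, so every caller that relies on it is unprotected.
function escape_command_noop(string $command): string
{
    return $command;
}

// Build an rrdtool graph command by quoting each untrusted value on its own.
// $title stands in for a graph template text_format value that may carry
// substituted host data. escapeshellarg() is POSIX-shell quoting; on Windows
// its behaviour differs, so this example assumes a Unix host.
function build_graph_command(string $rrdtool, string $outfile, string $title, array $defs): string
{
    $parts = [
        escapeshellarg($rrdtool),
        'graph',
        escapeshellarg($outfile),
        '--title',
        escapeshellarg($title),
    ];
    foreach ($defs as $def) {
        $parts[] = escapeshellarg($def);
    }
    return implode(' ', $parts);
}

// Constructed sample: a title containing characters a shell would interpret.
$title = "Load on 'web01'; core 0";

// Weak path: the title is concatenated bare and the "escape" changes nothing,
// so the quote and semicolon reach the shell as syntax, not data.
$weak = escape_command_noop("/usr/bin/rrdtool graph out.png --title $title");

// Hardened path: each value arrives at the shell as one quoted word.
$safe = build_graph_command(
    '/usr/bin/rrdtool',
    'out.png',
    $title,
    ['DEF:a=load.rrd:load:AVERAGE', 'LINE1:a#ff0000']
);

echo $weak, "\n";
echo $safe, "\n";
```

A stronger option where available is to bypass the shell entirely: since PHP 7.4, proc_open() accepts the command as an array of arguments, so no quoting layer is needed at all. A quick regression check for a code base is to grep for shell_exec(, exec( and system( and confirm that every interpolated value is either quoted with escapeshellarg() or passed through an array-form proc_open().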
Fix
Argument Injection
OS Command Injection
Related Identifiers
Affected Products
Cacti