CVE Catalog

CVE-2026-39897

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer, which has been fixed in version 1.2.31.

Risk Assessment

Organizations using vulnerable versions may be exposed to XSS attacks, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to version 1.2.31 or later to mitigate this vulnerability.

Original NVD description (English source)

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS