CVE Catalog

CVE-2026-40083

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Cacti versions 1.2.30 and prior have an SQL injection vulnerability in managers.php due to unsanitized unserialize and implode operations. The lack of integer validation on deserialized array values allows attackers with SNMP agent management permissions to execute arbitrary SQL commands.

Risk Assessment

An attacker with SNMP agent management permissions can exploit this vulnerability to read, modify, or delete database records, potentially compromising the confidentiality and integrity of the monitoring system.

Recommendation

Upgrade Cacti to version 1.2.31 or later immediately, which includes a fix for the SQL injection vulnerability.

Original NVD description (English source)

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Then, at lines 760 to 766, the deserialized array values are passed directly into db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',', $selected_items) . ')'), where they are imploded into the SQL statement without any integer validation, resulting in SQL Injection when using SNMP agent management permissions. This issue has been fixed in version 1.2.31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS