CVE Catalog

CVE-2026-40941

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

In Cacti versions 1.2.30 and prior, a package import signature validation bypass allows self-signed packages. This issue has been fixed in version 1.2.31.

Risk Assessment

An attacker can inject malicious packages, leading to system integrity compromise and potential takeover of the monitored infrastructure.

Recommendation

Immediately update Cacti to version 1.2.31 or later, which includes the fix for this vulnerability.

Original NVD description (English source)

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS