Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2026-39951 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-39951

CVE-2026-39951

HIGH7.6

Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Published Jun 24, 2026

Modified Yesterday

Details

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

References

https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f

https://github.com/Cacti/cacti/security/advisories/GHSA-pf37-v86f-5xwp

https://www.cve.org/CVERecord?id=CVE-2026-39951

CVSS Analysis

CVSS v3.1

7.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

LowI:L

Availability

LowA:L

7.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Weakness Type (CWE)

Injection

Ecosystems

Timeline

PublishedJun 24, 2026

ModifiedJun 24, 2026