CVE-2026-40079

Source
https://cve.org/CVERecord?id=CVE-2026-40079
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40079.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40079
Aliases
  • GHSA-xq98-376r-hv9j
Downstream
Published
2026-06-24T23:26:40.623Z
Modified
2026-07-08T08:13:12.532027045Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L CVSS Calculator
Summary
Cacti: Command Injection via escape_command() no-op in RRDtool execution
Details

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand() function. The escapecommand() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtoolfunctiongraph() is passed through this function and then to shellexec($fullcommandline). The risk is in _rrdexecute() where textformat values from graph templates (which may contain host variable substitutions) reach shellexec without adequate escaping. This issue has been addressed in version 1.2.31.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40079.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78",
        "CWE-88"
    ]
}
References

Affected packages

Git / github.com/cacti/cacti

Affected ranges

Type
GIT
Repo
https://github.com/cacti/cacti
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.31"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

releaes/1.*
releaes/1.2.19
release/1.*
release/1.0.0
release/1.0.1
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.5
release/1.0.6
release/1.1.0
release/1.1.1
release/1.1.11
release/1.1.12
release/1.1.13
release/1.1.14
release/1.1.15
release/1.1.16
release/1.1.17
release/1.1.18
release/1.1.19
release/1.1.2
release/1.1.20
release/1.1.21
release/1.1.22
release/1.1.23
release/1.1.24
release/1.1.25
release/1.1.26
release/1.1.27
release/1.1.28
release/1.1.29
release/1.1.3
release/1.1.30
release/1.1.31
release/1.1.32
release/1.1.33
release/1.1.34
release/1.1.35
release/1.1.36
release/1.1.37
release/1.1.38
release/1.1.4
release/1.1.5
release/1.1.6
release/1.1.7
release/1.1.8
release/1.2.0
release/1.2.1
release/1.2.10
release/1.2.11
release/1.2.12
release/1.2.13
release/1.2.14
release/1.2.15
release/1.2.16
release/1.2.17
release/1.2.18
release/1.2.19
release/1.2.2
release/1.2.20
release/1.2.21
release/1.2.22
release/1.2.23
release/1.2.24
release/1.2.25
release/1.2.26
release/1.2.27
release/1.2.28
release/1.2.29
release/1.2.3
release/1.2.30
release/1.2.4
release/1.2.5
release/1.2.6
release/1.2.7
release/1.2.8
release/1.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40079.json"