CVE-2026-40084

Source
https://cve.org/CVERecord?id=CVE-2026-40084
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40084.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40084
Aliases
  • GHSA-mjvw-mhj5-9jcj
Downstream
Published
2026-06-25T22:43:47.441Z
Modified
2026-07-08T08:05:08.970452849Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter
Details

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage (stored injection), lib/htmlreports.php at line 283 stores $save['formatfile'] = $post['formatfile'] directly into the database without any validation. In the second stage (file read), lib/reports.php at line 667 concatenates CACTIPATHFORMATS . '/' . $formatfile, and line 670 then calls file($formatfile), reading arbitrary files from the filesystem. This issue has been fixed in version 1.2.31.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40084.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/cacti/cacti

Affected ranges

Type
GIT
Repo
https://github.com/cacti/cacti
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.31"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

releaes/1.*
releaes/1.2.19
release/1.*
release/1.0.0
release/1.0.1
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.5
release/1.0.6
release/1.1.0
release/1.1.1
release/1.1.11
release/1.1.12
release/1.1.13
release/1.1.14
release/1.1.15
release/1.1.16
release/1.1.17
release/1.1.18
release/1.1.19
release/1.1.2
release/1.1.20
release/1.1.21
release/1.1.22
release/1.1.23
release/1.1.24
release/1.1.25
release/1.1.26
release/1.1.27
release/1.1.28
release/1.1.29
release/1.1.3
release/1.1.30
release/1.1.31
release/1.1.32
release/1.1.33
release/1.1.34
release/1.1.35
release/1.1.36
release/1.1.37
release/1.1.38
release/1.1.4
release/1.1.5
release/1.1.6
release/1.1.7
release/1.1.8
release/1.2.0
release/1.2.1
release/1.2.10
release/1.2.11
release/1.2.12
release/1.2.13
release/1.2.14
release/1.2.15
release/1.2.16
release/1.2.17
release/1.2.18
release/1.2.19
release/1.2.2
release/1.2.20
release/1.2.21
release/1.2.22
release/1.2.23
release/1.2.24
release/1.2.25
release/1.2.26
release/1.2.27
release/1.2.28
release/1.2.29
release/1.2.3
release/1.2.30
release/1.2.4
release/1.2.5
release/1.2.6
release/1.2.7
release/1.2.8
release/1.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40084.json"