Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.
{ "urgency": "not yet assigned" }
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-40941.json"