Cacti — Vulnerabilities & Security Advisories 49

Browse all 49 CVE security advisories affecting Cacti. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cacti is an open-source network monitoring and graphing tool primarily used by system administrators to visualize network traffic, device performance, and system metrics through RRDtool integration. Despite its widespread deployment in enterprise environments, the software has historically suffered from numerous security flaws, currently totaling 49 recorded CVEs. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation in PHP scripts and weak authentication mechanisms. Notable incidents include arbitrary file inclusion attacks that allowed attackers to execute malicious code on the server. The application’s reliance on older PHP frameworks and complex configuration files has frequently introduced injection points. While essential for infrastructure visibility, Cacti requires rigorous patching and strict access controls to mitigate risks associated with its extensive attack surface and legacy codebase.

Top products by Cacti: cacti
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-66399 | SNMP Command Injection leads to RCE in Cacti | cacti | CWE-77 | 8.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-26520 | Cacti security vulnerability | Cacti | CWE-89 | 7.6 | High | 2025-02-12 |
| CVE-2025-24368 | Cacti has a SQL Injection vulnerability when using tree rules through Automation API | cacti | CWE-89 | 9.8 | - | 2025-01-27 |
| CVE-2025-24367 | Cacti allows Arbitrary File Creation leading to RCE | cacti | CWE-144 | 8.8 | - | 2025-01-27 |
| CVE-2025-22604 | Cacti has Authenticated RCE via multi-line SNMP responses | cacti | CWE-78 | 9.1 | Critical | 2025-01-27 |
| CVE-2024-54145 | Cacti has a SQL Injection vulnerability when request automation devices | cacti | CWE-89 | 6.3 | Medium | 2025-01-27 |
| CVE-2024-54146 | Cacti has a SQL Injection vulnerability when view host template | cacti | CWE-89 | 7.6 | High | 2025-01-27 |
| CVE-2024-45598 | Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path | cacti | CWE-22 | 6.0 | Medium | 2025-01-27 |
| CVE-2024-43363 | Remote code execution via Log Poisoning in Cacti | cacti | CWE-94 | 7.2 | High | 2024-10-07 |
| CVE-2024-43365 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | cacti | CWE-79 | 5.7 | Medium | 2024-10-07 |
| CVE-2024-43364 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | cacti | CWE-79 | 5.7 | Medium | 2024-10-07 |
| CVE-2024-43362 | Stored Cross-site Scripting (XSS) when creating external links in Cacti | cacti | CWE-79 | 7.3 | High | 2024-10-07 |
| CVE-2024-34340 | Authentication Bypass when using older password hashes | cacti | CWE-287 | 9.1 | Critical | 2024-05-13 |
| CVE-2024-31460 | Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database | cacti | CWE-89 | 6.5 | Medium | 2024-05-13 |
| CVE-2024-31459 | Cacti RCE vulnerability by file include in lib/plugin.php | cacti | CWE-98 | 8.1 | High | 2024-05-13 |
| CVE-2024-31458 | Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database | cacti | CWE-89 | 4.6 | Medium | 2024-05-13 |
| CVE-2024-31445 | SQL Injection vulnerability in automation_get_new_graphs_sql | cacti | CWE-89 | 8.8 | High | 2024-05-13 |
| CVE-2024-31444 | Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database | cacti | CWE-79 | 4.6 | Medium | 2024-05-13 |
| CVE-2024-31443 | Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database | cacti | CWE-79 | 5.7 | Medium | 2024-05-13 |
| CVE-2024-30268 | Cacti XSS vulnerability in display_settings | cacti | CWE-79 | 6.1 | Medium | 2024-05-13 |
| CVE-2024-29895 | Cacti command injection in cmd_realtime.php | cacti | CWE-77 | 10.0 | Critical | 2024-05-13 |
| CVE-2024-29894 | Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API | cacti | CWE-116 | 5.4 | Medium | 2024-05-13 |
| CVE-2024-27082 | Cacti Cross-site Scripting vulnerability when managing trees | cacti | CWE-79 | 7.6 | High | 2024-05-13 |
| CVE-2024-25641 | Cacti RCE vulnerability when importing packages | cacti | CWE-20 | 9.1 | Critical | 2024-05-13 |
| CVE-2023-51448 | SQL Injection vulnerability when managing SNMP Notification Receivers | cacti | CWE-89 | 8.8 | High | 2023-12-22 |
| CVE-2023-50250 | Cross-Site Scripting vulnerability when Import xml template file | cacti | CWE-79 | 5.4 | Medium | 2023-12-22 |
| CVE-2023-49088 | Cacti has incomplete fix for CVE-2023-39515 | cacti | CWE-79 | 6.1 | Medium | 2023-12-22 |
| CVE-2023-49085 | Cacti SQL Injection vulnerability | cacti | CWE-89 | 8.8 | High | 2023-12-22 |
| CVE-2023-49086 | Cacti is vulnerable to cross-Site scripting (XSS) DOM | cacti | CWE-79 | 5.4 | Medium | 2023-12-21 |
| CVE-2023-49084 | Local File Inclusion (RCE) in Cacti | cacti | CWE-98 | 8.1 | High | 2023-12-21 |

This page lists every published CVE security advisory associated with Cacti. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.