Cacti Security Vulnerabilities (CVEs)

Track 24 security vulnerabilities affecting Cacti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

4 Critical
15 High
5 Medium
CVE-2025-66399 8.8

This vulnerability allows authenticated Cacti users to inject malicious SNMP community strings containing control characters like newlines. When these...

Dec 2, 2025
CVE-2005-10004 8.8

This vulnerability allows authenticated users to execute arbitrary shell commands on Cacti servers through improper input handling in the graph_view.p...

Aug 30, 2025
CVE-2025-26520 7.6

CVE-2025-26520 is an SQL injection vulnerability in Cacti's host_templates.php file via the graph_template parameter. This allows attackers to execute...

Feb 12, 2025
CVE-2025-24367 8.8

An authenticated Cacti user can abuse graph creation functionality to write arbitrary PHP files to the web root, leading to remote code execution on t...

Jan 27, 2025
CVE-2025-24368 7.5

This SQL injection vulnerability in Cacti allows attackers to manipulate database queries through the automation_tree_rules.php interface. Attackers c...

Jan 27, 2025
CVE-2025-22604 9.1

CVE-2025-22604 is a command injection vulnerability in Cacti's SNMP result parser that allows authenticated users to execute arbitrary system commands...

Jan 27, 2025
CVE-2024-54145 6.3

CVE-2024-54145 is a SQL injection vulnerability in Cacti's automation_devices.php file that allows attackers to execute arbitrary SQL commands through...

Jan 27, 2025
CVE-2024-54146 7.6

Cacti versions before 1.2.29 contain a SQL injection vulnerability in the host_templates.php template function via the graph_template parameter. This ...

Jan 27, 2025
CVE-2024-45598 6.0

This vulnerability in Cacti allows administrators to read arbitrary local files on the server by manipulating the Poller Standard Error Log Path param...

Jan 27, 2025
CVE-2024-43364 5.7

This stored XSS vulnerability in Cacti allows authenticated users with external link creation privileges to inject malicious scripts via the title par...

Oct 7, 2024
CVE-2024-43362 7.3

This stored XSS vulnerability in Cacti allows authenticated users with external link creation privileges to inject malicious scripts into web pages. W...

Oct 7, 2024
CVE-2024-31459 8.0

CVE-2024-31459 is a critical vulnerability in Cacti monitoring software that allows remote code execution through a combination of SQL injection and f...

May 14, 2024
CVE-2024-31445 8.8

This SQL injection vulnerability in Cacti allows authenticated users to execute arbitrary SQL commands, potentially leading to privilege escalation an...

May 14, 2024
CVE-2024-31443 5.7

CVE-2024-31443 is a cross-site scripting (XSS) vulnerability in Cacti's data query functionality. Attackers can inject malicious scripts that execute ...

May 14, 2024
CVE-2024-29894 5.4

CVE-2024-29894 is a residual cross-site scripting (XSS) vulnerability in Cacti monitoring software that allows attackers to inject malicious JavaScrip...

May 14, 2024
CVE-2024-25641 9.1

CVE-2024-25641 is an arbitrary file write vulnerability in Cacti's Package Import feature that allows authenticated users with 'Import Templates' perm...

May 14, 2024
CVE-2023-49084 8.0

CVE-2023-49084 is a vulnerability in Cacti that allows authenticated users to perform SQL injection and arbitrary code execution on the server through the ...

Dec 21, 2023
CVE-2023-31132 7.8

This CVE describes a privilege escalation vulnerability in Cacti where low-privileged Windows users can create arbitrary PHP files in web directories ...

Sep 5, 2023
CVE-2023-39357 8.8

CVE-2023-39357 is a SQL injection vulnerability in Cacti's sql_save function that allows authenticated users to execute arbitrary SQL commands. This c...

Sep 5, 2023
CVE-2023-39362 7.2

This vulnerability allows authenticated privileged users in Cacti 1.2.24 to perform command injection through SNMP device configuration, leading to re...

Sep 5, 2023
CVE-2023-39359 8.8

A SQL injection vulnerability in Cacti allows authenticated users to escalate privileges and execute arbitrary code remotely. The vulne...

Sep 5, 2023
CVE-2023-39361 9.8

CVE-2023-39361 is a critical SQL injection vulnerability in Cacti's graph_view.php that allows unauthenticated attackers to execute arbitrary SQL comm...

Sep 5, 2023
CVE-2023-37543 7.5

CVE-2023-37543 is an Insecure Direct Object Reference (IDOR) vulnerability in Cacti that allows attackers to access any monitoring graph by manipulati...

Aug 10, 2023
CVE-2022-0730 9.8

CVE-2022-0730 is an authentication bypass vulnerability in Cacti that allows attackers to gain unauthorized access under specific LDAP configurations....

Mar 3, 2022

Why Monitor Cacti Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 24+ known vulnerabilities affecting Cacti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Cacti packages in under 60 seconds. No agents required - completely agentless scanning that works across Cacti deployments.

Free vulnerability database: Access detailed information about every Cacti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Cacti CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions