Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report format_file Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage (stored injection), lib/html_reports.php at line 283 stores $save['format_file'] = $post['format_file'] directly into the database without any validation. In the second stage (file read), lib/reports.php at line 667 concatenates CACTI_PATH_FORMATS . '/' . $format_file, and line 670 then calls file($format_file), reading arbitrary files from the filesystem. This issue has been fixed in version 1.2.31.
Metrics
Affected Vendors & Products
References
History
Fri, 26 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 26 Jun 2026 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cacti
Cacti cacti |
|
| Vendors & Products |
Cacti
Cacti cacti |
Thu, 25 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report format_file Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage (stored injection), lib/html_reports.php at line 283 stores $save['format_file'] = $post['format_file'] directly into the database without any validation. In the second stage (file read), lib/reports.php at line 667 concatenates CACTI_PATH_FORMATS . '/' . $format_file, and line 670 then calls file($format_file), reading arbitrary files from the filesystem. This issue has been fixed in version 1.2.31. | |
| Title | Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-25T22:43:47.441Z
Updated: 2026-06-26T12:44:37.984Z
Reserved: 2026-04-09T00:39:12.205Z
Link: CVE-2026-40084
Updated: 2026-06-26T12:44:15.604Z
No data.
No data.