CVE-2026-39899
Analyzed Analyzed - Analysis Complete

Path Traversal in Cacti via package_import.php

Vulnerability report for CVE-2026-39899, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-26
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
cacti cacti to 1.2.31 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-39899 is a vulnerability in Cacti, an open source performance and fault management framework. Versions 1.2.30 and earlier are affected by a Path Traversal vulnerability through the filename parameter in the package_import.php file. This means an attacker could manipulate the filename parameter to access files outside the intended directory.

This issue was fixed in version 1.2.31.

Impact Analysis

The Path Traversal vulnerability allows an attacker to potentially read arbitrary files on the server where Cacti is installed. This could lead to unauthorized access to sensitive information, configuration files, or other data that should be protected.

Since the vulnerability can be exploited remotely without authentication (as indicated by the CVSS vector AV:N/AC:L/PR:N/UI:N), it poses a significant security risk.

Mitigation Strategies

The vulnerability in Cacti versions 1.2.30 and prior can be mitigated by upgrading to version 1.2.31 or later, where the issue has been fixed.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-39899 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by checking if your Cacti installation is running version 1.2.30 or earlier, as these versions are vulnerable to path traversal via the filename parameter in package_import.php.

To detect attempts to exploit this vulnerability on your system or network, you can monitor web server logs for suspicious requests to package_import.php that include path traversal patterns such as '../' or encoded equivalents in the filename parameter.

Example commands to search for such suspicious requests in Apache or Nginx logs might include:

  • grep -i 'package_import.php' /var/log/apache2/access.log | grep -E '(\.\./|%2e%2e)'
  • grep -i 'package_import.php' /var/log/nginx/access.log | grep -E '(\.\./|%2e%2e)'

Additionally, verifying the installed Cacti version can be done by checking the application version directly or by running commands such as:

  • grep 'Version' /path/to/cacti/include/config.php
  • or checking the version via the Cacti web interface.

Upgrading to version 1.2.31 or later is recommended to remediate this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart