CVE-2026-40083
Analyzed Analyzed - Analysis Complete

SQL Injection in Cacti Performance Monitoring Framework

Vulnerability report for CVE-2026-40083, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-30

Assigner: GitHub, Inc.

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Then, at lines 760 to 766, the deserialized array values are passed directly into db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',', $selected_items) . ')'), where they are imploded into the SQL statement without any integer validation, resulting in SQL Injection when using SNMP agent management permissions. This issue has been fixed in version 1.2.31.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-30
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
cacti cacti to 1.2.31 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by checking if your Cacti installation is running version 1.2.30 or earlier, as these versions are affected by the SQL injection issue in managers.php.

To detect exploitation attempts or presence of the vulnerability, you can monitor web server logs for suspicious requests containing the parameter 'selected_graphs_array' with unusual or malicious payloads.

Since the vulnerability involves unsanitized input being passed to an SQL DELETE statement, you can also look for abnormal database queries or errors related to the 'snmpagent_managers' table.

Suggested commands include:

  • Using grep to find suspicious HTTP requests in web server logs: grep -i 'selected_graphs_array' /var/log/apache2/access.log
  • Using SQL query logging or monitoring to detect unusual DELETE statements on the 'snmpagent_managers' table.
  • Checking the installed Cacti version: cat /path/to/cacti/version or via the Cacti web interface to confirm if it is 1.2.30 or earlier.
Executive Summary

This vulnerability exists in Cacti versions 1.2.30 and prior, where an SQL Injection flaw occurs in the managers.php file. The issue arises because the application unserializes user input without proper validation and then directly uses the resulting array values in an SQL DELETE statement without ensuring they are integers. Specifically, the deserialized array values are concatenated into the SQL query via implode without integer validation, allowing an attacker with SNMP agent management permissions to inject malicious SQL code.

Impact Analysis

This SQL Injection vulnerability can have severe impacts including unauthorized data manipulation or deletion, data leakage, and potentially full compromise of the database. Because the vulnerability allows an attacker to execute arbitrary SQL commands with SNMP agent management permissions, it can lead to loss of data integrity, confidentiality, and availability.

Mitigation Strategies

The vulnerability is fixed in Cacti version 1.2.31. The immediate step to mitigate this vulnerability is to upgrade your Cacti installation to version 1.2.31 or later.

Compliance Impact

The vulnerability is a SQL Injection in Cacti versions 1.2.30 and prior, which allows an attacker with SNMP agent management permissions to execute arbitrary SQL commands. This can lead to unauthorized access, modification, or deletion of sensitive data.

Such unauthorized access and potential data breaches can impact compliance with data protection regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive information from unauthorized access and ensure data integrity.

Therefore, exploitation of this vulnerability could result in violations of these standards due to compromised confidentiality, integrity, and availability of data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40083. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart