CVE-2026-40941
Received - Intake
Package Import Signature Validation Bypass in Cacti

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass that allows self-signed packages. This issue has been fixed in version 1.2.31.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor    Product    Version / Range
cacti     cacti      up to 1.2.31 (exclusive)
cacti     cacti      1.2.31
CWE ID     Description
CWE-347    The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Executive Summary

This vulnerability affects Cacti, an open source performance and fault management framework. Versions 1.2.30 and earlier have a flaw in package import signature validation that allows the validation to be bypassed. As a result, self-signed packages, which normally might be rejected, can be accepted and imported.

The issue was fixed in version 1.2.31.

Impact Analysis

By allowing self-signed packages to be imported without proper signature validation, an attacker with limited privileges could potentially introduce malicious or unauthorized code into the Cacti system. This could lead to compromise of the system's integrity or availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade Cacti to version 1.2.31 or later, which contains the fix for the package import signature validation bypass.
