CVE-2026-39938
CRITICAL NVDCVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
Jun 24, 2026
Description
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.