CVE-2026-39899

N/A Unknown
Published: June 24, 2026 Modified: June 24, 2026
View on NVD

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/Cacti/cacti/pull/6899
Source: security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-pr9x-34w8-4mf7
Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-39955 9.8
CVE-2026-39948 N/A
CVE-2026-39938 9.8
CVE-2026-39900 N/A
CVE-2025-8106 N/A