NVD CRITICAL: CVE-2026-40079 — Cacti is an open source performance and fault management framework. Versions 1.2...
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandl
CVE-2026-40079