CVE-2026-40941

Vulnerability Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.

Related Weaknesses (CWE)

CWE-347

References

https://github.com/Cacti/cacti/pull/7054
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.31
https://github.com/Cacti/cacti/security/advisories/GHSA-274c-97hj-pv2v

FAQ

What is CVE-2026-40941?

CVE-2026-40941 is a documented vulnerability. Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has...

How severe is CVE-2026-40941?

CVSS scoring is not yet available for CVE-2026-40941. Check NVD for updates.

Is there a patch for CVE-2026-40941?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.