CVE-2026-40079

Cacti 1.2.30 and earlier are vulnerable to a Command Injection due to a no‑op escape_command() in lib/rrd.php, which returns the command unchanged. The graph command assembled by rrdtool_function_graph() is passed to shell_exec via __rrd_execute(), with possible host variable substitutions from g...

DEBIAN-CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3. A patched version of the package is available...

Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

...

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

UBUNTU-CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958

The CVE-2026-43958 vulnerability affects rrdcached (part of rrdtool). A local attacker with access to the rrdcached socket can trigger a stack-based buffer overflow by sending an oversized CREATE request, leading to denial of service or potential arbitrary code execution, compromising data integr...

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

OETIKER+PARTNER RRDtool 安全漏洞

OETIKER+PARTNER RRDtool is a time-series data storage and plotting system developed by OETIKER+PARTNER Inc. There is a security vulnerability in OETIKER+PARTNER RRDtool; this vulnerability stems from a stack buffer overflow issue. It could allow local attackers to cause the daemon process to cras...

Fedora 44 : rrdtool (2026-87a8048005)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-87a8048005 advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...