patchletter

The current version of Cacti is release/1.2.31 (as of 16/06/2026).

Cacti

Cacti Group · current release/1.2.31

Actively exploited vulnerabilities

The US cybersecurity agency CISA lists this vulnerability in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.

Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.

Cacti at a glance

Cacti is a long-established open-source network monitoring and graphing tool built on RRDtool, common for bandwidth and device graphing. Cacti ships regular releases plus coordinated security fixes; as a web application with network visibility and device credentials, hardening and prompt patching matter.

For admins Cacti has had serious, actively exploited security vulnerabilities (including remote code execution), so apply security releases promptly and never expose it to the internet — keep it strictly on the management network behind authentication. Updates run database changes — back up the database and the RRD files first, and keep the underlying PHP and database supported. Plugins extend Cacti and carry their own risk — keep them minimal and current. After updating, verify that polling and graphs still work. Because its past CVEs have been weaponized, treat Cacti's advisories with particular seriousness. Track the version and its support status; patchletter surfaces new Cacti releases.

Release history · as detected by patchletter

VersionChannelDateNotes
release/1.2.31STABLE16/06/2026Release notes →

Never miss a Cacti update

We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.

Watch Cacti

Related tools in Monitoring & ITSM