The current version of Cacti is release/1.2.31 (as of 16/06/2026).
Cacti
Cacti Group · current release/1.2.31
Actively exploited vulnerabilities
The US cybersecurity agency CISA lists this vulnerability in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.
- CVE-2022-46169Cacti Command Injection Vulnerability
Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.
Cacti at a glance
Cacti is a long-established open-source network monitoring and graphing tool built on RRDtool, common for bandwidth and device graphing. Cacti ships regular releases plus coordinated security fixes; as a web application with network visibility and device credentials, hardening and prompt patching matter.
For admins Cacti has had serious, actively exploited security vulnerabilities (including remote code execution), so apply security releases promptly and never expose it to the internet — keep it strictly on the management network behind authentication. Updates run database changes — back up the database and the RRD files first, and keep the underlying PHP and database supported. Plugins extend Cacti and carry their own risk — keep them minimal and current. After updating, verify that polling and graphs still work. Because its past CVEs have been weaponized, treat Cacti's advisories with particular seriousness. Track the version and its support status; patchletter surfaces new Cacti releases.
Release history · as detected by patchletter
| Version | Channel | Date | Notes |
|---|---|---|---|
| release/1.2.31 | STABLE | 16/06/2026 | Release notes → |
Never miss a Cacti update
We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.
Watch Cacti