CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-40080

mediumCVSS 6.1covered by 1 sourcefirst seen 2026-06-25
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at str_contains($referer, CACTI_PATH_URL). When the user's login_opts == '1' (redirect to referer after login), the function used $_SERVER['HTTP_REFERER'] directly. An attacker could craft a referer such as https://evil.com/cacti/. Where CACTI_PATH_URL is /cacti/, the substring matches and the user is redirected to evil.com after login. The pre-existing validate_redirect_url() helper at lib/html_utility.php performed proper validation but was not invoked from auth_login_redirect(). This issue has been fixed in version 1.2.31.

⚡ Watch CVE-2026-40080

Get an email if CVE-2026-40080 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-40080

CVE.org record

Embed the live status

CVE-2026-40080 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-40080 status](https://www.csirts.com/badge/CVE-2026-40080)](https://www.csirts.com/cve/CVE-2026-40080)