A vulnerability identified as problematic has been detected in Cacti up to 1.2.30 . Impacted is an unknown function of the file auth_profile.php . This manipulation of the argument tab causes cross site scripting. This vulnerability appears as CVE-2026-39900 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.