A vulnerability, which was classified as critical , was found in Cacti up to 1.2.30 . This impacts the function escape_command in the library lib/rrd.php . The manipulation of the argument command results in os command injection. This vulnerability is identified as CVE-2026-40079 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.