A vulnerability classified as critical was found in Cacti up to 1.2.30 . The impacted element is an unknown function of the file graph_view.php . Executing a manipulation can lead to sql injection. The identification of this vulnerability is CVE-2026-39955 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.