A vulnerability classified as critical has been found in Cacti up to 1.2.30. The affected element is the function grv in the library lib/html_graph.php of the component Request Parameter Handler. Manipulation results in SQL injection. This vulnerability is tracked as CVE-2026-39948. The attack may be initiated remotely. No exploit is available. Upgrading the affected component is recommended.