EIP-2026-105682

PRE-CVE

Cacti 0.8.7e - OS Command Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105682. PoCs published by Nahuel Grisolia.

AI-analyzed exploit summary This is a vulnerability advisory describing a remote command execution (RCE) flaw in Cacti due to insufficient input sanitization. The advisory outlines two methods to exploit the vulnerability, allowing command execution with web server privileges.

Description

Cacti 0.8.7e - OS Command Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Nahuel Grisolia · textwebappsphp

https://www.exploit-db.com/exploits/12339

View Code ZIP pw:eip

This is a vulnerability advisory describing a remote command execution (RCE) flaw in Cacti due to insufficient input sanitization. The advisory outlines two methods to exploit the vulnerability, allowing command execution with web server privileges.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cacti (version not specified)

Auth required

Prerequisites: Valid credentials to edit or create devices/graph templates in Cacti

MITRE ATT&CK

T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026