latest version: 1.2.10
 Cacti (home)ForumsDocumentation

Cacti: The complete RRDTool-based graphing solution.

What is Cacti?


Support Cacti
Report an Issue

Mailing Lists


Release Notes -

Welcome to Cacti 1.2.10!

IMPORTANT: Prior to this release, 1.2.10, a flaw existed which allowed a malicous actor to execute remote code by use of Guest Accounts with Real Time Access.

This can be countered using any of the following:

  • Ensure PHP greater than 7.2
  • Disabled Guest Account
  • Disabled Guest access to Real Time Graphs
  • Use Cacti 1.2.10+

Special thanks to all that have helped by contributing code and reporting issues on GitHub!

For additional details, please check out the README located on GitHub.


security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
issue#3240: When using User Domains, global template user is used instead of the configured domain template user
issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
issue#3246: When upgrading with remote collectors, sync status does not always return properly
issue#3250: When PHP memory limit is set to -1, recommendation value fails
issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
issue#3254: Installer shows script owner rather than running user for suggested chown command
issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
issue#3274: When editing a tree, multiple device drag/drop does not work
issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
issue#3277: When boost does not find an initial time, numeric errors can be raised
issue#3281: When changing Graph Template options, incorrect image format may be selected
issue#3282: Graph's can be sized incorrectly if image is SVG format
issue#3283: When setting a file path, valid characters not recognised properly
issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
issue#3289: When using CMD.PHP, poller id is not always shown properly
issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github
issue#3302: Editing a Graph Template does not show the Data Template name
Copyright © 2004-2020 The Cacti Group, Inc. - Cacti is the registered trademark The Cacti Group, Inc.

PHP      RRDTool