CVE-2026-40941

Publié : 25 juin 2026

Modifié : 25 juin 2026

Description détaillée

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.

Références et Patchs

https://github.com/Cacti/cacti/pull/7054 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.31 https://github.com/Cacti/cacti/security/advisories/GHSA-274c-97hj-pv2v

Dernières Vulnérabilités

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.

VOIR DÉTAILS

CVE-2026-9221

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.

VOIR DÉTAILS

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.

VOIR DÉTAILS