openSUSE Backports Cacti Important Security Fixes 2026-0169-1
opensuse
May 18, 2026
An update that contains security fixes can now be installed.
Description
This update for cacti fixes the following issues:
- Update to version 1.2.30+git422.049d9187:
* fix(cli): repair dead PHP-binary dash-prefix guard in
push_out_hosts.php (#7148)
* security: require POST for data_input.php?action=whitelist_update
(#7149)
* fix(database): guard db_fetch_cell_return against missing column name
(#7150)
* fix(poller-cache): reset loop-scoped $oid and $script_path between
iterations (#7136)
* security(1.2.x): cacti_validate_sort_column allowlist and related sink
hardening (#7072)
* fix: Minor wording missed in last pull (#7144)
* Data input push issues (#7143)
* fix: cacti_input_string_is_safe rejected quoted and digit-suffixed
placeholders (#7130)
* fix(poller-cache): four integrity bugs in lib/utility.php (#7134)
* Checkbox defaults and unsafe metachars (#7141)
* fix(test-infra): point Playwright harness plugin defaults at develop,
not...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-169=1
Package List
- openSUSE Backports SLE-15-SP7 (noarch):
cacti-1.2.30+git422.049d9187-bp157.2.9.1
References
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2026:0169-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!