| Cacti | |
|---|---|
| Original author | Ian Berry |
| Developers | The Cacti Group, Inc. |
| Initial release | September 23, 2001 [1] |
| Stable release | |
| Written in | PHP [3] |
| Operating system | Linux, FreeBSD, macOS, Windows |
| Type | Network monitoring |
| License | GNU General Public License |
| Website | www |
| Repository | github |
Cacti is a free and open-source, web-based network monitoring and graphing application. It functions as a front end for RRDtool, collecting time-series data from network devices and presenting the data as graphs through a web interface.[4][5]
Created by Ian Berry in 2001, Cacti is written in PHP, uses MySQL or MariaDB for configuration storage, and is released under the GNU General Public License.[6][3] It polls devices through Simple Network Management Protocol (SNMP), stores values in RRDtool databases, and can also collect data through scripts and executables.[7]
The software has been covered as a practical open-source monitoring tool by technology publications including InfoWorld, Linux.com, Computer Weekly, Network World and Opensource.com.[5][8][9][10][11]
History
Berry began Cacti while working for a small internet service provider during high school. In a 2007 account, he said the project was intended to offer more ease of use than RRDtool and more flexibility than MRTG.[6] The first public files for version 0.5 were published on SourceForge on September 23, 2001.[1]
Version 0.8.6, released in September 2004, brought additional developers and improvements in speed and scalability.[6][12] Version 0.8.7 followed in October 2007.[13]
After a period in which the 0.8.8 branch received mainly bug fixes and security patches, The Cacti Group released version 1.0.0 in January 2017.[14] The release added multiple data collectors, user group permissions, multiple polling intervals and site support.[14] The 1.2.x branch began in 2019 and continued as the main stable series in the 2020s.[15]
Features and architecture
Cacti operates on a polling cycle. At configured intervals, a data collector queries monitored devices, records the resulting values, and passes them to RRDtool for storage and graph generation.[4] The default PHP poller, cmd.php, is intended for smaller installations; Spine, a multi-threaded C-based poller, is used for larger deployments.[16]
The application uses templates to define monitored data, graph presentation and device profiles. Administrators can use templates to apply common graph and data-source definitions across multiple devices.[7] Cacti also supports role-based access control, external authentication through LDAP or Active Directory, automatic device discovery and remote pollers for distributed monitoring.[7]
Cacti's plugin architecture extends the application beyond graphing. Official and community plugins add functions such as threshold alerting, syslog collection, NetFlow and sFlow reporting, device status dashboards, configuration auditing and network topology maps.[3]
Distribution and use
Cacti is packaged by several operating-system distributions. The Debian package describes it as a PHP-driven front end for RRDtool that stores data-source information, handles data gathering and populates a MySQL database with round-robin archives.[17] The FreeBSD Ports collection includes Cacti under net-mgmt/cacti as a web-driven graphing interface for RRDtool.[18]
Cacti has also been used as a component in other monitoring products. IBM Spectrum LSF RTM, an operational dashboard for IBM Spectrum LSF environments, uses Cacti as a graphical user-interface framework for monitoring, reporting and alerting; IBM documents the LSF-specific functions as a Cacti plugin layered on top of the open-source package.[19]
Security
In December 2022, SonarSource disclosed CVE-2022-46169, an unauthenticated remote code execution vulnerability in Cacti's remote_agent.php endpoint. The flaw combined an authentication bypass with command injection and received a CVSS score of 9.8 from the National Vulnerability Database.[20][21] The Cacti Group patched the vulnerability in version 1.2.23.[22]
In January 2023, BleepingComputer reported active exploitation of the vulnerability, including deployment of Mirai malware and IRC-based botnets against unpatched systems.[23] The Cybersecurity and Infrastructure Security Agency added CVE-2022-46169 to its Known Exploited Vulnerabilities catalog in February 2023.[24]
Later releases addressed additional vulnerabilities. Version 1.2.27, released in May 2024, patched twelve issues, including arbitrary file write and command-injection vulnerabilities.[25] Version 1.2.29, released in February 2025, patched an authenticated remote code execution vulnerability involving multi-line SNMP responses.[26]
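The following is an added example, not code from Cacti or from the sources cited here, showing how an administrator might act on the two facts this section provides: the fix releases and the remote_agent.php endpoint. The issue labels, the install path, the Combined Log Format input and the poller network are assumptions of the example.

```python
import ipaddress
import re

# Fix releases named in the Security section; labels are this example's own.
FIXED_IN = {
    "CVE-2022-46169": (1, 2, 23),
    "May 2024 file-write and command-injection fixes": (1, 2, 27),
    "authenticated RCE via multi-line SNMP responses": (1, 2, 29),
}
# Combined Log Format: client ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def missing_fixes(installed):
    """Return the issues above whose fix release is newer than `installed`."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", installed.strip())
    if not m:
        raise ValueError(f"unrecognised version: {installed!r}")
    have = tuple(int(part) for part in m.groups())
    return [name for name, fixed in FIXED_IN.items() if have < fixed]

def unexpected_agent_requests(lines, poller_nets):
    """Return (client, time, status) for remote_agent.php requests from
    clients outside the networks that host legitimate data collectors."""
    nets = [ipaddress.ip_network(n) for n in poller_nets]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].split("?", 1)[0].endswith("/remote_agent.php"):
            continue
        try:
            known = any(ipaddress.ip_address(m["client"]) in net for net in nets)
        except ValueError:
            known = False  # hostname logged instead of an address: report it
        if not known:
            hits.append((m["client"], m["time"], int(m["status"])))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2023:03:14:07 +0000] "GET /cacti/remote_agent.php?q=constructed HTTP/1.1" 200 41 "-" "-"',
    '203.0.113.77 - - [12/Jan/2023:03:15:22 +0000] "GET /cacti/remote_agent.php?q=constructed HTTP/1.1" 200 41 "-" "-"',
    '203.0.113.77 - - [12/Jan/2023:03:15:30 +0000] "GET /cacti/graph_view.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.5 - - [12/Jan/2023:04:00:01 +0000] "POST /remote_agent.php HTTP/1.1" 403 199 "-" "-"',
]
POLLER_NETS = ["192.0.2.0/28"]  # assumed addresses of the remote pollers

if __name__ == "__main__":
    print(missing_fixes("1.2.22"))
    for hit in unexpected_agent_requests(SAMPLE_LOG, POLLER_NETS):
        print(hit)
```

If the web server sits behind a reverse proxy, the client field holds the proxy's address, so the check has to run on the proxy's own log instead.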
Reception
InfoWorld reviewed Cacti in 2006 as a useful first step for organizations adopting network monitoring, noting that it made RRDtool-based graphing easier to configure through a web interface.[5] Linux.com described it in 2005 as a network-monitoring package for collecting and visualizing SNMP data.[8] Computer Weekly covered Cacti in 2008 as an open-source option for router monitoring.[9] In a 2008 roundup of open-source monitoring tools, InfoWorld described Cacti as a leading open-source network graphing tool and emphasized its templates for monitoring SNMP-speaking devices such as servers, routers and switches.[27]
Later coverage continued to list Cacti among free or open-source network-monitoring tools. Network World included it in a 2022 list of free tools for network engineers, and Opensource.com listed it among open-source network monitoring tools in 2019.[10][11]
References
- [1] "Cacti - Browse / cacti / cacti-0.5". SourceForge. September 23, 2001. Retrieved May 22, 2026.
- [2] "Release 1.2.30". March 23, 2025. Retrieved April 24, 2025.
- [3] "Cacti Organization". GitHub. Retrieved May 22, 2026.
- [4] "What is Cacti?". The Cacti Group, Inc. Retrieved May 22, 2026.
- [5] Rist, Oliver (August 10, 2006). "Cacti makes network monitoring less painful". InfoWorld. Retrieved May 22, 2026.
- [6] Goldman, George (January 17, 2007). "The network graphing solution Cacti was designed to provide more ease of use than RRDtool and more flexibility than MRTG". ISP-Planet. Retrieved May 22, 2026.
- [7] "Cacti - Features". The Cacti Group, Inc. Retrieved May 22, 2026.
- [8] Nag, Aditya (October 28, 2005). "Network monitoring with Cacti". Linux.com. Retrieved May 22, 2026.
- [9] Davis, David (January 9, 2008). "Open source network monitoring: Monitor your routers with Cacti". Computer Weekly. Retrieved May 22, 2026.
- [10] Breeden, John (December 6, 2022). "12 killer (and free) tools for network engineers". Network World. Retrieved May 22, 2026.
- [11] Bischoff, Paul (February 4, 2019). "Top 5 open source network monitoring tools". Opensource.com. Retrieved May 22, 2026.
- [12] "Cacti - Browse / cacti / cacti-0.8.6". SourceForge. September 13, 2004. Retrieved May 22, 2026.
- [13] "Cacti - Browse / cacti / cacti-0.8.7". SourceForge. October 23, 2007. Retrieved May 22, 2026.
- [14] "Cacti 1.0.0 Release Notes". The Cacti Group, Inc. January 29, 2017. Retrieved May 22, 2026.
- [16] "Cacti - Spine Information". The Cacti Group, Inc. Retrieved May 22, 2026.
- [17] "Debian -- Details of package cacti in sid". Debian Packages. Retrieved May 22, 2026.
- [18] "FreshPorts -- net-mgmt/cacti: Web-driven graphing interface for RRDTool". FreshPorts. Retrieved May 22, 2026.
- [19] "About IBM Spectrum LSF RTM". IBM. Retrieved May 22, 2026.
- [20] "Cacti: Unauthenticated Remote Code Execution". SonarSource. January 2, 2023. Retrieved May 22, 2026.
- [21] "CVE-2022-46169 Detail". National Institute of Standards and Technology. Retrieved May 22, 2026.
- [22] "GHSA-6p93-p743-35gf: Unauthenticated Command Injection". GitHub. December 5, 2022. Retrieved May 22, 2026.
- [23] Ilascu, Ionut (January 15, 2023). "Hackers exploit Cacti critical bug to install malware, open reverse shells". BleepingComputer. Retrieved May 22, 2026.
- [24] "Known Exploited Vulnerabilities Catalog". Cybersecurity and Infrastructure Security Agency. Retrieved May 22, 2026.
- [25] "Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code". The Hacker News. May 14, 2024. Retrieved May 22, 2026.
- [26] "GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses". GitHub. January 26, 2025. Retrieved May 22, 2026.
- [27] "Killer open source monitoring tools". InfoWorld. May 19, 2008. Retrieved May 22, 2026.
Further reading
- Lavlu, S. M. (2009). Cacti 0.8 Network Monitoring. Packt Publishing. ISBN 1-84719-596-2.
- Urban, Thomas (2011). Cacti 0.8 Beginner's Guide. Packt Publishing. ISBN 1-84951-392-9.
- Urban, Thomas (2017). Cacti Beginner's Guide (2nd ed.). Packt Publishing. ISBN 9781788299183.
