Cacti is a free and open-source, web-based network monitoring and graphing application. It functions as a front end for RRDtool, collecting time-series data from network devices and presenting the data as graphs through a web interface.
Created by Ian Berry in 2001, Cacti is written in PHP, uses MySQL or MariaDB for configuration storage, and is released under the GNU General Public License.
The software has been covered as a practical open-source monitoring tool by technology publications including InfoWorld, Linux.com, Computer Weekly, Network World and Opensource.com.
History
Berry began Cacti while working for a small internet service provider during high school. In a 2007 account, he said the project was intended to offer more ease of use than RRDtool and more flexibility than MRTG. Version 0.8.7 followed in October 2007.
After a period in which the 0.8.8 branch received mainly bug fixes and security patches, The Cacti Group released version 1.0.0 in January 2017. The release added multiple data collectors, user group permissions, multiple polling intervals and site support.
Features and architecture
Cacti operates on a polling cycle. At configured intervals, a data collector queries monitored devices, records the resulting values, and passes them to RRDtool for storage and graph generation.
The application uses templates to define monitored data, graph presentation and device profiles. Administrators can use templates to apply common graph and data-source definitions across multiple devices. The FreeBSD Ports collection includes Cacti under <code>net-mgmt/cacti</code> as a web-driven graphing interface for RRDtool.
Cacti has also been used as a component in other monitoring products. IBM Spectrum LSF RTM, an operational dashboard for IBM Spectrum LSF environments, uses Cacti as a graphical user-interface framework for monitoring, reporting and alerting; IBM documents the LSF-specific functions as a Cacti plugin layered on top of the open-source package.
Security
In December 2022, SonarSource disclosed CVE-2022-46169, an unauthenticated remote code execution vulnerability in Cacti's <code>remote_agent.php</code> endpoint. The flaw combined an authentication bypass with command injection and received a CVSS score of 9.8 from the National Vulnerability Database. The Cacti Group patched the vulnerability in version 1.2.23.
In January 2023, BleepingComputer reported active exploitation of the vulnerability, including deployment of Mirai malware and IRC-based botnets against unpatched systems. The Cybersecurity and Infrastructure Security Agency added CVE-2022-46169 to its Known Exploited Vulnerabilities catalog in February 2023.
Later releases addressed additional vulnerabilities. Version 1.2.27, released in May 2024, patched twelve issues, including arbitrary file write and command-injection vulnerabilities. Version 1.2.29, released in February 2025, patched an authenticated remote code execution vulnerability involving multi-line SNMP responses.
Reception
InfoWorld reviewed Cacti in 2006 as a useful first step for organizations adopting network monitoring, noting that it made RRDtool-based graphing easier to configure through a web interface.
Later coverage continued to list Cacti among free or open-source network-monitoring tools. Network World included it in a 2022 list of free tools for network engineers, and Opensource.com listed it among open-source network monitoring tools in 2019.
