Skip to main content

Pandora Fms CVE-2026-30804

| EUVD-2026-21986 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-04-13 PandoraFMS
File Upload RCE Pandora Fms
8.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
N

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:52 vuln.today
cvss_changed
Analysis Generated
Apr 13, 2026 - 16:42 vuln.today
CVSS changed
Apr 13, 2026 - 16:22 NVD
8.6 (HIGH)
EUVD ID Assigned
Apr 13, 2026 - 16:15 euvd
EUVD-2026-21986
Analysis Generated
Apr 13, 2026 - 16:15 vuln.today
CVE Published
Apr 13, 2026 - 15:44 nvd
HIGH 8.6

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

Remote code execution in Pandora FMS versions 777 through 800 enables authenticated administrators to upload malicious files and execute arbitrary code on the server. The vulnerability stems from inadequate file type validation during upload operations, allowing attackers with high-privilege credentials to bypass security controls. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise admin credentials
Delivery
Authenticate to Pandora FMS web interface
Exploit
Upload malicious PHP web shell
Execution
Access uploaded shell via HTTP
Persist
Execute arbitrary system commands
Impact
Exfiltrate monitoring data or pivot to monitored infrastructure
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires high-privilege authenticated access to Pandora FMS versions 777-800. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk assessment reveals moderate-to-high severity with important caveats. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised administrative credentials for a Pandora FMS instance (through phishing, credential stuffing, or insider threat) logs into the web interface and navigates to a file upload feature within the administrative panel. The attacker uploads a PHP web shell disguised with a legitimate-appearing filename, which the vulnerable application accepts without proper validation. …
Remediation Organizations should immediately upgrade Pandora FMS to the latest patched version beyond build 800. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Pandora FMS deployments and identify instances running versions 777-800; document administrative user accounts and access logs for anomalies. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-30804 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy