Skip to main content

Pandora FMS CVE-2026-30808

| EUVD-2026-29496 HIGH
Session Fixation (CWE-384)
2026-05-12 PandoraFMS GHSA-j2qp-cx58-m78p
Information Disclosure Session Fixation
7.6
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:L/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
N

Lifecycle Timeline

3
Analysis Generated
May 12, 2026 - 16:33 vuln.today
CVSS changed
May 12, 2026 - 16:22 NVD
7.6 (HIGH)
CVE Published
May 12, 2026 - 15:11 nvd
HIGH 7.6

DescriptionNVD

Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

Session fixation in Pandora FMS versions 777-800 enables session hijacking when attackers supply crafted session IDs to users. Successful exploitation grants attackers complete access to victim user sessions with high confidentiality and integrity impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Audit all Pandora FMS deployments to identify instances running versions 777-800 and document current user base and system criticality. Within 7 days: Implement network-level controls to restrict Pandora FMS access to authenticated internal networks only, disable external web access if possible, and enforce session timeout policies to minimum 15-minute idle timeout. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-30808 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy