CVE-2026-30811

| EUVD-2026-21992 HIGH
2026-04-13 PandoraFMS
Privilege Escalation Pandora Fms
8.4
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
N

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 16:43 vuln.today
CVSS Changed
Apr 13, 2026 - 16:22 NVD
8.4 (HIGH)

DescriptionNVD

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

Unauthorized access to configuration endpoints in Pandora FMS versions 777 through 800 exposes sensitive system information to low-privileged authenticated users. The missing authorization control (CWE-276) allows privilege escalation where authenticated users can access configuration data they should not have permissions to view, potentially revealing credentials, internal architecture details, and security settings. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all Pandora FMS instances (versions 777-800) in production via asset inventory and vulnerability scanner; isolate or restrict network access to configuration endpoints if possible. Within 7 days: Contact Pandora FMS vendor for patch availability and timeline; implement network segmentation to limit authenticated user access to configuration APIs. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-30811 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy