CVE-2026-34188

| EUVD-2026-21999 HIGH
2026-04-13 PandoraFMS GHSA-xqmq-m74q-gr4q
Command Injection Pandora Fms
7.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
N

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 16:44 vuln.today
CVSS Changed
Apr 13, 2026 - 16:22 NVD
7.5 (HIGH)

DescriptionNVD

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

OS command injection in Pandora FMS versions 777 through 800 enables high-privileged remote attackers to execute arbitrary operating system commands through the Event Response execution functionality. While requiring administrative credentials (PR:H), successful exploitation grants extensive system access with high confidentiality and integrity impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: inventory all Pandora FMS deployments and identify instances running versions 777-800; restrict administrative access to Event Response functionality through access controls and privileged access management (PAM) policies. Within 7 days: implement compensating controls including network segmentation, activity logging on all administrative actions, and real-time monitoring of Event Response execution. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-34188 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy