EUVD-2026-21986

| CVE-2026-30804 HIGH
2026-04-13 PandoraFMS
File Upload RCE Pandora Fms
8.6
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
N

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 16:42 vuln.today
CVSS Changed
Apr 13, 2026 - 16:22 NVD
8.6 (HIGH)

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

Remote code execution in Pandora FMS versions 777 through 800 enables authenticated administrators to upload malicious files and execute arbitrary code on the server. The vulnerability stems from inadequate file type validation during upload operations, allowing attackers with high-privilege credentials to bypass security controls. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Pandora FMS deployments and identify instances running versions 777-800; document administrative user accounts and access logs for anomalies. Within 7 days: Restrict administrative access to Pandora FMS to only essential personnel, enforce MFA on admin accounts if supported, and disable file upload functionality if operationally feasible, or implement compensating controls (see below). …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-21986 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy