HIGHCVE-2026-30806Published 2026-04-13Modified 2026-04-13CNA PandoraFMS

CVE-2026-30806: OS Command Injection in Network Report leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Pandora FMS / Pandora FMS
≤ 800

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

References

pandorafms.com

Metrics