HIGHCVE-2026-30809Published 2026-04-13Modified 2026-04-13CNA PandoraFMS

CVE-2026-30809: OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Pandora FMS / Pandora FMS
≤ 800

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

References

pandorafms.com

Metrics