{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30809", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "state": "PUBLISHED", "assignerShortName": "PandoraFMS", "dateReserved": "2026-03-05T16:16:01.151Z", "datePublished": "2026-04-13T15:46:53.349Z", "dateUpdated": "2026-04-13T18:05:50.375Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2026-04-13T15:46:53.349Z"}, "title": "OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution", "datePublic": "2026-04-13T15:48:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "Pandora FMS", "product": "Pandora FMS", "platforms": ["all"], "versions": [{"status": "affected", "version": "777", "lessThanOrEqual": "800", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800"}]}], "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber"}}], "solutions": [{"lang": "en", "value": "Fixed in v800.1 and v801 Pandora FMS versions", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Fixed in v800.1 and v801 Pandora FMS versions"}]}], "credits": [{"lang": "en", "value": "Pedro J. N\u00fa\u00f1ez-Cacho Fuentes <tunelko@gmail.com>", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T18:05:28.661142Z", "id": "CVE-2026-30809", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T18:05:50.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T18:05:28.661142Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T18:05:39.910Z"}}], "cna": {"title": "OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Pedro J. N\u00fa\u00f1ez-Cacho Fuentes <tunelko@gmail.com>"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pandora FMS", "product": "Pandora FMS", "versions": [{"status": "affected", "version": "777", "versionType": "custom", "lessThanOrEqual": "800"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Fixed in v800.1 and v801 Pandora FMS versions", "supportingMedia": [{"type": "text/html", "value": "Fixed in v800.1 and v801 Pandora FMS versions", "base64": false}]}], "datePublic": "2026-04-13T15:48:00.000Z", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2026-04-13T15:46:53.349Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30809", "state": "PUBLISHED", "dateUpdated": "2026-04-13T18:05:50.375Z", "dateReserved": "2026-03-05T16:16:01.151Z", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "datePublished": "2026-04-13T15:46:53.349Z", "assignerShortName": "PandoraFMS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800"}], "id": "CVE-2026-30809", "lastModified": "2026-04-13T16:16:25.853", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "security@pandorafms.com", "type": "Secondary"}]}, "published": "2026-04-13T16:16:25.853", "references": [{"source": "security@pandorafms.com", "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "sourceIdentifier": "security@pandorafms.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@pandorafms.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[777,800]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Pandora FMS", "source": "cna", "vendor": "Pandora FMS"}, "product": "pandora_fms", "vendor": "pandora_fms"}], "analysis": {"en": {"generated_at": "2026-04-13T19:05:50.936675+00:00", "value": {"mitigation_remediation": ["Upgrade to Pandora FMS 800.1 or later to apply the vendor\u2011issued fix.", "If upgrading is not immediately possible, disable the WebServerModuleDebug component or restrict access to trusted IPs using firewall or reverse proxy settings."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Pandora FMS systems running versions 777 through 800 are vulnerable. The vendor has released a fix in versions 800.1 and 801, and later releases contain the patch.", "description_and_impact": "The vulnerability lies in improper sanitization of special characters, allowing an attacker to inject operating\u2011system commands via the WebServerModuleDebug endpoint, resulting in remote code execution. It is classified under CWE\u201178.", "risk_and_exploitability": "With a CVSS base score of 8.7 the issue carries high severity. Exploitation appears possible over the network through the debug module without a documented authentication, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog."}}}}, "created": "2026-04-14T16:18:58.475230+00:00", "updated": "2026-04-14T16:34:06.939538+00:00", "vendors": ["pandora_fms", "pandora_fms$PRODUCT$pandora_fms"]}