Arbitrary file upload in Pandora Fms

CVE-2026-30804

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

Vulnerability class: Unrestricted File Upload

EPSS: 0.003 (53.8th percentile) — read the EPSS interpretation.

Affected products

Pandora Fms — versions 777

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/