RCE in Pandora Fms

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (36.5th percentile) — read the EPSS interpretation.

Affected products

Pandora Fms — versions 777

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/