RCE in Pandora Fms

CVE-2026-34188

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (31.8th percentile) — read the EPSS interpretation.

Affected products

Pandora Fms — versions 777

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/