CVE-2026-30804
Received
Received - Intake
Unrestricted File Upload in Pandora FMS Enables Remote Code Execution
Publication date: 2026-04-13
Last updated on: 2026-04-22
Assigner: Artica PFMS
Description
Description
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artica | pandora_fms | From 777 (inc) to 800.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unrestricted Upload of File with Dangerous Type issue that allows an attacker to perform Remote Code Execution by uploading malicious files. It affects Pandora FMS versions from 777 through 800.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to remotely execute arbitrary code on the affected system by uploading a dangerous file type without restriction. This can lead to full system compromise, unauthorized access, data theft, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70