CVE-2026-30811
Missing Authorization in Pandora FMS Configuration Exposes Sensitive Data
Publication date: 2026-04-13
Last updated on: 2026-04-22
Assigner: Artica PFMS
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artica | pandora_fms | From 777 (inc) to 800.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue that allows exposure of sensitive information through a configuration endpoint in Pandora FMS versions from 777 through 800.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information, potentially compromising confidentiality and security of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a Missing Authorization issue that allows exposure of sensitive information via a configuration endpoint in Pandora FMS versions from 777 through 800.
Exposure of sensitive information due to missing authorization can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive data from unauthorized access.
Therefore, this vulnerability could negatively impact compliance with these standards by potentially allowing unauthorized parties to access sensitive information.