CVE-2026-30804
published 2026-04-13CVE-2026-30804: Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
PriorityP351high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.43%
34.5th percentile
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica | pandora_fms | >= 777 < 800.1 | 800.1 |
| pandora_fms | pandora_fms | 777 – 800 | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.6HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Artica Pandora FMS up to 800 unrestricted upload
vuldb·2026-04-13·CVSS 8.6
CVE-2026-30804 [HIGH] Artica Pandora FMS up to 800 unrestricted upload
A vulnerability labeled as critical has been found in Artica Pandora FMS up to 800. This affects an unknown function. Executing a manipulation can lead to unrestricted upload.
This vulnerability appears as CVE-2026-30804. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-qvcf-9h3q-2cwq: Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload
ghsa_unreviewed·2026-04-13
CVE-2026-30804 [HIGH] CWE-434 GHSA-qvcf-9h3q-2cwq: Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-13
Published