CVE-2026-30811
published 2026-04-13CVE-2026-30811: Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800
PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.27%
18.5th percentile
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica | pandora_fms | >= 777 < 800.1 | 800.1 |
| pandora_fms | pandora_fms | 777 – 800 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Artica Pandora FMS up to 800 Configuration Endpoint default permission
vuldb·2026-04-13·CVSS 8.4
CVE-2026-30811 [HIGH] Artica Pandora FMS up to 800 Configuration Endpoint default permission
A vulnerability classified as critical has been found in Artica Pandora FMS up to 800. Affected by this vulnerability is an unknown functionality of the component Configuration Endpoint. This manipulation causes incorrect default permissions.
This vulnerability is handled as CVE-2026-30811. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-m9vq-hc45-mf4h: Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint
ghsa_unreviewed·2026-04-13
CVE-2026-30811 [HIGH] CWE-276 GHSA-m9vq-hc45-mf4h: Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-13
Published