Cyber Posture

CVE-2026-30806

HighRCEUpdated

Published: 13 April 2026

Published
13 April 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30806 is a high-severity OS Command Injection (CWE-78) vulnerability in Artica Pandora Fms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates OS command injection by requiring validation and sanitization of untrusted inputs from the Network Report feature to neutralize special elements.

SI-2 Flaw Remediation good match
prevent

Addresses the specific flaw in Pandora FMS versions 777-800 by requiring timely identification, reporting, and remediation of vulnerabilities like this CVE via vendor patches.

SI-4 System Monitoring partial match
detect

Enables detection of command injection exploitation through continuous monitoring of system activities for anomalous OS command executions by low-privileged users.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

The vulnerability enables exploitation of a public-facing web application (T1190) via network-accessible Network Report feature, allowing low-privileged users to inject and execute arbitrary OS commands (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

Deeper analysisAI

CVE-2026-30806 is an Improper Neutralization of Special Elements used in an OS Command vulnerability (CWE-78) that enables OS Command Injection via the Network Report feature. This issue affects Pandora FMS versions from 777 through 800. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and requirement for only low privileges.

Low-privileged users with network access can exploit this vulnerability by injecting malicious OS commands through the Network Report functionality. Exploitation requires no user interaction and has no scope change, but achieves high impacts across confidentiality, integrity, and availability, potentially allowing full system compromise such as arbitrary code execution on the server.

Mitigation details are available in the vendor advisory at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/.

Details

CWE(s)
CWE-78

Affected Products

artica
pandora fms
777 — 800.1

CVEs Like This One

CVE-2026-34188Same product: Artica Pandora Fms
CVE-2026-30809Same product: Artica Pandora Fms
CVE-2026-30813Same product: Artica Pandora Fms
CVE-2026-34186Same product: Artica Pandora Fms
CVE-2024-12992Same product: Artica Pandora Fms
CVE-2026-30804Same product: Artica Pandora Fms
CVE-2026-30808Same product: Artica Pandora Fms
CVE-2026-30807Same product: Artica Pandora Fms
CVE-2026-30810Same product: Artica Pandora Fms
CVE-2026-30805Same product: Artica Pandora Fms

References