OS Command Injection in Network Report leads to Remote Code...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

AI Analysis

OS Command Injection vulnerability in Pandora FMS via Network Report, allowing Remote Code Execution

Basic Information

ID CVE-2026-30806

Source PandoraFMS

Published Apr 13, 2026 at 15:45

Affected Product

Vendor Pandora FMS

Product Pandora FMS

Version 777

Affected Versions Pandora FMS Pandora FMS 777

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Pandora FMS

Product Pandora FMS

Version 777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800

References

pandorafms.com /en/security/common-vulnerabilities-and-exposures/

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800",
    "published": "2026-04-13T15:45:46.468Z",
    "modified": "2026-04-13T15:45:46.468Z",
    "type": "cve",
    "title": "OS Command Injection in Network Report leads to Remote Code Execution",
    "source": "PandoraFMS",
    "references": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
    "id": "CVE-2026-30806",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Pandora FMS Pandora FMS 777",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pandora FMS",
    "version": "777",
    "vendor": "Pandora FMS",
    "ai_description": "OS Command Injection vulnerability in Pandora FMS via Network Report, allowing Remote Code Execution",
    "ai_severity": "High",
    "ai_vendor": "Pandora FMS",
    "ai_product": "Pandora FMS",
    "ai_version": "777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800",
    "ai_score": 8.7
}

OS Command Injection in Network Report leads to Remote Code Execution_CVE-2026-30806