OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

AI Analysis

OS Command Injection vulnerability in WebServerModuleDebug via Blacklist Bypass

Basic Information

ID CVE-2026-30809

Source PandoraFMS

Published Apr 13, 2026 at 15:46

Affected Product

Vendor Pandora FMS

Product Pandora FMS

Version 777

Affected Versions Pandora FMS Pandora FMS 777

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Pandora FMS

Product Pandora FMS

Version 777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800

References

pandorafms.com /en/security/common-vulnerabilities-and-exposures/

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800",
    "published": "2026-04-13T15:46:53.349Z",
    "modified": "2026-04-13T15:46:53.349Z",
    "type": "cve",
    "title": "OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution",
    "source": "PandoraFMS",
    "references": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
    "id": "CVE-2026-30809",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Pandora FMS Pandora FMS 777",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pandora FMS",
    "version": "777",
    "vendor": "Pandora FMS",
    "ai_description": "OS Command Injection vulnerability in WebServerModuleDebug via Blacklist Bypass",
    "ai_severity": "High",
    "ai_vendor": "Pandora FMS",
    "ai_product": "Pandora FMS",
    "ai_version": "777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800",
    "ai_score": 8.7
}

OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution_CVE-2026-30809