CVE-2026-30809
Published: 13 April 2026
Description
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800.
Mitigating Controls (NIST 800-53 r5) [AI]
- Requires input validation at entry points such as WebServerModuleDebug to neutralize special elements and prevent OS command injection (CWE-78).
- Mandates timely flaw remediation by patching the specific vulnerability in Pandora FMS versions 777 through 800, as documented in the vendor advisories.
- Enforces least privilege for low-privileged authenticated users, limiting the scope and impact of arbitrary OS command execution after exploitation.
Security Summary [AI]
CVE-2026-30809 is an improper neutralization of special elements used in an OS command vulnerability (CWE-78) that enables OS command injection through the WebServerModuleDebug component. Published on 2026-04-13, it affects Pandora FMS versions from 777 through 800 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
The vulnerability can be exploited by low-privileged authenticated users over the network with low complexity and no user interaction required. Successful exploitation allows attackers to inject arbitrary OS commands via the WebServerModuleDebug feature, potentially leading to full system compromise, including unauthorized data access, modification, or execution of malicious code on the affected server.
Pandora FMS has documented this issue in their security advisories, available at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/, where practitioners can find details on patches and mitigation steps for affected versions.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
OS command injection in a web component, exploitable by low-privileged authenticated users over the network, enables exploitation of a public-facing application (T1190), Unix shell execution (T1059.004, assuming a Linux server), and privilege escalation to full compromise (T1068).