Authentication Bypass in Pandora FMS Affects Multiple Versions
CVE-2026-30805

9.1CRITICAL

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 12 May 2026

🔔 Create Pandora Fms Vulnerability Alert

What is CVE-2026-30805?

This vulnerability allows unauthorized access to sensitive functionalities through the API due to insecure default initialization settings. It affects multiple versions of Pandora FMS, where attackers can exploit the issue to bypass authentication mechanisms. Proper configuration and security measures are essential to mitigate the risks associated with this flaw.

Affected Version(s)

Pandora FMS all 777 <= 800

References

https://pandorafms.com/en/security/common-vulnerabilities...

CVSS V4

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 5, 2026

Credit

Pedro J. Núñez-Cacho Fuentes <tunelko@gmail.com>

CVE-2026-30805 Data

JSON