Cross-Site Request Forgery in Pandora FMS by Pandora FMS
CVE-2026-30807

7.1HIGH

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 12 May 2026

🔔 Create Pandora Fms Vulnerability Alert

What is CVE-2026-30807?

A Cross-Site Request Forgery vulnerability in Pandora FMS permits attackers to execute unauthorized actions by leveraging malicious web pages. This security flaw impacts versions 777 through 800 of the product, posing a potential risk for users who may inadvertently interact with crafted links or sites.

Affected Version(s)

Pandora FMS all 777 <= 800

References

https://pandorafms.com/en/security/common-vulnerabilities...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 5, 2026

Credit

Pedro J. Núñez-Cacho Fuentes <tunelko@gmail.com>

CVE-2026-30807 Data

JSON