OS Command Injection Vulnerability in Pandora FMS
CVE-2026-34188
7.5HIGH
What is CVE-2026-34188?
An OS command injection vulnerability exists in Pandora FMS, allowing attackers to execute arbitrary commands via the Event Response execution feature. This flaw can compromise system integrity and lead to unauthorized commands being run, potentially putting sensitive data at risk. Users of Pandora FMS versions 777 to 800 should take immediate action to mitigate the associated risks.
Affected Version(s)
Pandora FMS all 777 <= 800
References
CVSS V4
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pedro J. Núñez-Cacho Fuentes <tunelko@gmail.com>