CVE-2026-30810 PUBLISHED

Server-Side Request Forgery in API Checker leads to Privilege Escalation

Assigner: PandoraFMS
Reserved: 05.03.2026 Published: 12.05.2026 Updated: 12.05.2026

Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
CVSS Score: 7.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	Low
Attack Complexity	Low	Integrity	Low	Integrity	Low
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Vendor	Pandora FMS
Product	Pandora FMS
Versions	Default: unaffected affected from 777 to 800 (incl.)

Fixed in v802 and v800.2