External risk intelligence

Pandora FMS could allow external attackers to gain admin access.

Pandora FMS could allow external attackers to bypass authentication, potentially granting them admin access to the platform and compromising the management and visibility of your critical operational systems. No active exploitation has been observed.

NVD published May 12, 2026 (3 days ago)

External risk briefCRITICAL

CVE-2026-30805

Halo Surface Signal

2/ 5

The vulnerability affects a monitoring platform typically deployed within internal networks to oversee infrastructure. While some configurations may be exposed to the internet, such access is not the default or standard deployment pattern. The system is generally intended for internal management and visibility, limiting typical public network exposure.

Exposure facts

CVSS

9.1

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Amber

EPSS

0.02%

H – Horizon Alert

A security vulnerability has been identified in the Pandora FMS platform related to how resources are initialized by default. This flaw could allow an unauthorized user to bypass standard authentication controls when interacting with the system's API. Consequently, this may permit unauthorized access to the application, potentially impacting the security of your management infrastructure.

A – Asset Exposure

This vulnerability impacts Pandora FMS, a monitoring solution typically deployed within internal networks, though specific configurations may occasionally be internet-facing. If an unauthorized user accesses the application’s API, they could trigger an authentication bypass. This exposure could grant an attacker admin access to the platform, potentially compromising the management and visibility of your critical operational systems.

L – Live Threat

The available context for this issue does not indicate active exploitation or observed targeting at this time. We have identified no reports of public exploit code or proof-of-concept activity associated with this vulnerability. Consequently, there are no immediate live-threat signals to report, suggesting the current risk level is limited by the lack of observed hostile activity.

O – Operational Fix

Please direct your team to review the official security guidance provided by the Pandora FMS vendor to address this issue. They should prioritize implementing the recommended updates or configuration adjustments to ensure API access remains secure. It is essential to validate current deployments against these vendor requirements to maintain optimal system integrity.

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/