CVE-2026-30805

EPSS 0.34%
Veröffentlicht 12.05.2026 15:09:57
Zuletzt bearbeitet 13.05.2026 14:39:49
Quelle security@pandorafms.com
CVE-Watchlists
Login
Unerledigt
Login

Insecure Default Initialization in API Authentication leads to Authentication Bypass

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Artica ≫ Pandora Fms Version < 777.17

Artica ≫ Pandora Fms Version >= 778 < 802

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security@pandorafms.com	9.1	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-30805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-30805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-30805

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-30805