CVE-2026-30805

CRITICAL

Published May 12, 2026 Modified May 13, 2026 CWE-1188

Description

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.05%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-1188 CWE-1188

Affected Products

Vendor	Product	Versions
artica	pandora_fms	< 777.17
artica	pandora_fms	778 — 802

References

Advisories & Patches

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Frequently Asked Questions

What is CVE-2026-30805? +

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 It has a CVSS v3.1 base score of 9.1 (CRITICAL).

How severe is CVE-2026-30805? +

CVE-2026-30805 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-30805? +

CVE-2026-30805 affects products from artica, specifically: pandora_fms. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-30805? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-51758

Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …

CVE-2024-5801

Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …

CVE-2024-8313

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …

CVE-2026-44588

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via …

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when …

Quick Facts

CVSS Score: 9.1
Severity: CRITICAL
EPSS: 0.0002
Published: May 12, 2026

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2026-30805.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →