What the vulnerability does
01Description
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30810
HIGH
CVE-2026-30810: Server-Side Request Forgery in API Checker leads to Privilege Escalation
CVSS base score
7.1/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
Key dates
02Disclosure timeline
May 12, 2026
CVE published
May 12, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-39276 Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
CVE-2026-5618 kalcaddle kodbox shareMake/shareCheck server-side request forgery
CVE-2026-35587 Glances IP Plugin has SSRF via public_api that leads to credential leakage
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm
CVE-2026-24231
