EIP-2026-110458

PRE-CVE

Pandora Fms 5.0RC1 - Remote Command Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110458. PoCs published by xistence.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Pandora FMS's Anytermd daemon, allowing unauthenticated remote code execution as the 'pandora' user. It also details privilege escalation to root via misconfigured 'artica' user and sudo access.

Description

Pandora Fms 5.0RC1 - Remote Command Injection

Exploits (1)

exploitdb WORKING POC

by xistence · textwebappsphp

https://www.exploit-db.com/exploits/31436

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in Pandora FMS's Anytermd daemon, allowing unauthenticated remote code execution as the 'pandora' user. It also details privilege escalation to root via misconfigured 'artica' user and sudo access.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Pandora FMS 5.0RC1 and below

No auth needed

Prerequisites: Network access to TCP port 8022/8023 · Netcat listener for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026