Pandora FMS 801 Feature Release

22748

16083

String-type modules have improved display in the Web Console, considering whether the check result exceeds 200 characters and whether it includes line breaks.

N/A

16622

New download links for EL 9 (PFMS EndPoints).

N/A

16678

Visual Consoles now include new graphical elements installed by default, which can also be updated from the PFMS Marketplace.

N/A

16683

• Related: MR 86

A server plugin has been added to monitor the number of days remaining before SSL certificate expiration.

N/A

17119

PFMS EndPoints: The configuration file has been reorganized.

N/A

17148

An option has been added to import data from Pandora MINI.

N/A

17167

The style and interface of date and time selection controls in the Web Console have been improved and unified.

N/A

17726

• Related: MR 86

New scripts have been added for Fortinet®, Dell® and Huawei® within the NCM functionality.

N/A

18106

• Related: 18608

Various sections of the Web Console have been reorganized and refreshed to better utilize screen space.

N/A

18107

The “About” view has been refactored.

N/A

18120

Visual improvements have been made to the user edit view.

N/A

18122

In the Tactical View, the notifications section has had its dynamic visual interface adjusted.

N/A

18130

When opening the details window of any event, the interface is now highlighted when hovering over it.

N/A

18411

• Related: 16721, MR 86

A new macro has been added to configure alerts with notifications via Telegram®.

18064, 22494

13961

User editing, deletion and disabling actions have been changed from the GET method to the POST method.

N/A

15782

The informational message indicating whether a node has a different MR number than the Command Center it is attached to has been modified.

20250

15973

The default threshold has been changed to zero when adding a new action to an existing agent alert.

N/A

16105

The label of the password policy configuration section has been modified.

20429

16175

In the database table creation file (used during Pandora FMS installation), the existence check condition for each table has been modified.

N/A

16213

Help tooltips in the Web Console for service creation and management have been updated.

N/A

16222

Help tooltips in the Web Console for cascade protection in agents and services have been updated.

N/A

16865

Buttons and text fields in the Network scan (Discovery Host & Devices) functionality have been improved for both dark and light themes in the Web Console.

N/A

17193

In Custom SQL reports, a help message about HTML entity searches has been added in the Web Console.

N/A

17264

The description of the token “unknown_software_agents_status” has been updated (EndPoint naming).

N/A

17503

The instruction message in Metasetup (Command Center) for configuring node connections has been modified.

N/A

18199

When creating agents for Satellite Server through the Web Console interface, the agent group requirement has been added.

N/A

18362

In the IPAM functionality, default elements have been added to Sites and Location.

N/A

18364

Reports and Dashboards are now listed in ascending alphabetical order.

N/A

18573, 18753, 18755, 18758, 19555

Graphical styles throughout the Web Console have been extensively reviewed and updated.

N/A

18878

• Related: 10964, 18936, 18976, 19441

In the Web Console mobile login screen, icons and background graphics have been redesigned.

N/A

19014

• Related: 17446

The connection mechanism using SHA256/512 and AES192/256 protocols for SNMP tasks has been modified transparently for the user.

N/A

19035

• Related: 19676

The demo data generation utility (Demo data) is now restricted to standalone PFMS nodes only.

N/A

18688

Text string searches in password-type custom agent fields have been removed.

CVE-2026-30804

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19163

The registration and integration of extensions for the PFMS Web Console have been secured and fixed.

CVE-2026-30806

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19167

Command injection to the operating system via whois has been fixed.

CVE-2026-30809

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19170

Command injection in web module debugging has been fixed.

CVE-2026-30811

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19172

Residual files and functions from deprecated features, which allowed access to sensitive information, have been permanently removed.

CVE-2026-30812

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19173

Unauthorized code injection via event comments (XSS) has been fixed.

CVE-2026-30813

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19174

Arbitrary SQL code injection through module access and queries in the Dashboards functionality has been fixed.

CVE-2026-34186

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19176

Arbitrary SQL code injection through access to agent custom fields has been fixed.

CVE-2026-34188

Acknowledgment: Pedro J. Núñez-Cacho Fuentes

19178

Arbitrary SQL code injection through access to custom event responses has been fixed.

N/A

18318

• Related: 19651

The token Fixed header has been removed from the general visual style settings.

20041

16132

• Related: 9918

The creation of users and their logins in the Web Console have been fixed when SAML (user ID attribute field) is used as the authentication method in Pandora FMS.

N/A

16506

The agent filtering mechanism in the Custom Fields view has been fixed.

20579

16509

Access to scheduled service stops has been restored for users who have the AD privilege assigned to their user profile.

20808

16649

In the Service Tree view, when you select a service and then delete an item from it, the successful result message has been fixed to correctly indicate the item type (service, agent, module) and its quantity.

20858

16703

The icon for accessing DISCO package management in the Web Console has been fixed (removed) for users who are not superadmins.

20862

16707

The creation of Custom graphs without a name has been fixed.

20861

16708

In module alert management, enabling, disabling, and filtering items has been fixed, always keeping the focus on that menu.

20898

16735

In the Events view, advanced module search has been fixed while preserving the general search functionality.

N/A

16876

In the PFMS CLI, the access token for the PFMS API URL has been fixed.

21032

17005

• Related: 19645

The application of the Flip Flop interval has been fixed (while the option to keep counters active is enabled).

21378

17249

In the Monitoring Policies view, the informative icon (button) for items with extremely long names has been fixed.

N/A

17335

The options “Manage filter” and “Load filter” have been removed from the Reports view menu for both Command Center and nodes.

22105

17369, 17418

Filtering in the “Agent detail” view has been fixed.

N/A

17393

Agent filtering in the SIEM Events view has been fixed.

22107

17420

Redirection in the Web Console when deleting a module from the “Monitor details” view has been fixed (the filter used is kept).

20375

17435

The duplicated CSV export button in the scheduled service stops view has been fixed.

N/A

17472

Searches in password-type fields have been removed from the Agent Custom Fields view.

21237

17487

The use of regular expressions in external alerts for monitoring policies has been fixed.

22218

17489

Periodic agent autoconfiguration in Command Center has been fixed to avoid duplication of secondary groups in the database.

N/A

17504

For all languages, the informational message (and its URL) located in the Monitoring Policies view in Command Center has been fixed.

N/A

17673

The persistent warning message used to notify that the tens-of-thousands-of-agents barrier had been broken has been fixed so it works in real time.

N/A

17713

The default filter reset button in the Logs view has been fixed.

N/A

17722

Searching across several nodes at the same time in the Command Center Events view has been fixed.

22485

17777

The “_nameOID_” macro behavior has been fixed for use in the creation and editing of remote network components (SNMP).

22486

17783

For modules selected in the interface wizard within an agent, the application of thresholds according to the user settings in the Web Console has been fixed.

N/A

17855

Pagination buttons in the SIEM Events view have been fixed.

N/A

17868

The agent and module status report through Command Center has been fixed so it includes and takes into account all attached nodes.

22812

17880

The general configuration in the Web Console for sending email through Zoho has been fixed.

N/A

17958

The collapsing list when choosing group first in an agent’s main configuration through the Web Console has been fixed.

22702

17961

The CSV export button in the Custom Fields view has been fixed.

N/A

17979

In the Events view, both in Command Center and nodes, deleting events has been fixed from these points: event response, list item button, and bulk list operations.

N/A

18004

• Related: 19150

Bulk deletion in the Custom Reports view has been fixed.

22843

18039

Result pagination has been fixed in external alert filtering within the Monitoring Policies list.

22839

18040

The application of rules whose condition includes tag values has been fixed in event alerts.

N/A

18071

Prediction-type modules have been fixed for use with monitoring policies, both in Command Center and its nodes.

N/A

18081

Links in linked and nested Visual Consoles have been fixed at all hierarchy levels.

N/A

18085

The token “Show projection” behavior has been fixed in the “Module Graph” widget of the Visual Consoles.

N/A

18087

In the Visual Console item list, editing issues have been fixed, unnecessary options have been removed, and visual editing and procedure criteria have been unified.

N/A

18093

In Command Center, under the Visual Consoles menu, the link directing to each one of them has been fixed.

23028

18232

The date format used in report display has been fixed (absolute and relative dates).

N/A

18280

In the Modules view, Agent editing, the data display button has been fixed for modules containing single or double quotes in their name. This functionality has also been fixed in other views.

N/A

18284

• Related: 19649

For the NCM functionality, the unknown state has been fixed (successful connection to the monitored device but without received data).

N/A

18299

Deletion of custom post-processing values for modules (general visual configuration) has been fixed.

N/A

18320

Editing Dashboards as favorites has been fixed even if other general fields different from this token are modified.

N/A

18324

The summary section of users with an active session in the Tactical View has been fixed.

N/A

18346

Configuration options in server plugins whose names use quotation marks have been fixed.

N/A

18413

The number of cells in a Dashboard in the Web Console display list has been fixed.

N/A

18419

The right to edit Monitoring Policies has been fixed for non-superadmin users with the AW permission in one of their assigned user profiles, both for specific agent groups and for all “ALL” groups.

N/A

18430

In the “Module Graph” widget of Visual Consoles, the storage of the activation values of five of its tokens has been fixed.

23203

18452

The monthly SLA report (PDF file) has been fixed for all languages other than English.

23215

18454

User filtering in the Web Console administration view has been fixed.

23186

18488

The Recovery only on Normal status function (alert templates) has been fixed.

N/A

18508

• Related: 14082

In Command Center, editing of the Agent/Module view widget (Dashboards functionality) has been fixed.

23267, 17659

18519

• Related: 13736, 14972, 19654

PFMS CLI: the “create_special_day” command has been completely fixed, rewritten and recompiled.

N/A

18544

The Translate string functionality has been fully fixed and its visual interface has been improved.

N/A

18586

Discovery PFMS: In the Scan scripts functionality, the process for creating additional description, value and help fields has been fixed.

23367

18595

In Reports, menu Custom graphs, section Graph container, its display has been fixed and the requirement to specify an agent group for it has been added.

N/A

18741

Satellite Server: All access credential fields in SNMP module creation have been fixed (reading from Credential Store).

N/A

18771

Dashboards: The Security Hardening widget has been fully fixed.

N/A

18786

Editing Visual Console items (Command Center) has been fixed.

N/A

18793

When creating dummy nodes (agents) in the Network Maps functionality, the default module types in the creation of the corresponding agent have been fixed.

23538

18812

• Related: 19655

Forced user password change (when password policies are active) has been fixed.

N/A

18816

In the IPAM functionality, the accumulation of results obtained from the ping command has been fixed.

N/A

18859

Dashboards: In the “List of Latest Events” widget, the application of the “Max. Hours old” parameter has been fixed so it performs correct filtering of results.

N/A

18862

• Related: 18863

In Command Center, the complete centralized alert creation process has been fixed and its presentation and results have been reviewed.

N/A

18866

In the System Audit Log functionality, sorting by the Security column has been removed.

N/A

18876

• Related: 18574, 18905

In the Remote Components list, the filtering process has been fixed and the presentation of results has been improved.

N/A

18877

In non-centralized Command Center (without attached nodes), the button to create items denoting agent operating systems has been removed.

N/A

18882

In the Map Service widget (Dashboards), the token “Show sunburst by default” behavior has been fixed.

N/A

18884

• Related: 19297

In the Agent Details view of Command Center, the link to edit the selected agent has been fixed.

N/A

18903

In Remote SNMP Components, the Manufacturer ID field has been fixed so it works through the SNMP wizard in each agent edition.

N/A

18917

In the Tactical View, General Dashboard, the display of module group names has been fixed.

N/A

18928, 19298

Agent filtering in languages other than English has been fixed in the Web Console agent administration view.

N/A

18930, 18968

In the Visual Consoles, the Module Graph item has been fixed so it works both by agent and module selection and by saved custom graphing. System image loading has also been fixed.

N/A

18932

In the tip-of-the-day popup message, its closing mechanism has been fixed for all users.

N/A

18952

Alert creation from Command Center has been fixed. Its later behavior in the Tactical View has also been verified.

N/A

18957

In the Service detail view, the table with SLA weights and thresholds information has been fixed.

N/A

18970

In Bulk Operations, the operations exceeding the maximum value specified in the PFMS general configuration have been fixed, reviewed and verified.

N/A

18974, 18975, MR 801

In the general wizard, report creation and subsequent links to them have been fixed. Default installed reports have also been reviewed and fixed as needed.

N/A

18978

Dashboards: For the SIEM Statistics widget, agent filtering and its later display have been fixed.

N/A

18984

In the Agent Tree View, the side display of details of the selected item has been fixed.

N/A

18986

• Related: 16609, 18013, 18987

Web Push Notifications have been fixed so they can be displayed in several web browsers.

N/A

19012

sFlow monitoring has been fixed, specifically parameter configuration according to the operating system and its version on which PFMS Server runs.

N/A

19018

Configuration errors for logs records in agent administration through the Web Console have been fixed.

N/A

19020

In the NCM functionality, the chronological presentation order of collected changes has been fixed.

N/A

19021

• Related: 19675

The generation of configuration change events and data change events in monitored devices with the NCM functionality has been fixed.

N/A

19028

Both in Command Center and its nodes, the creation and edition of dynamic-type Services have been fixed.

N/A

19037

• Related: 16070, 19672

Access to menus and/or their respective URLs in the Web Console has been fixed for read-only users.

23677

19056

Export of custom reports in Japanese, in CSV files, has been fixed.

N/A

19058

• Related: 18362

IPAM: The error when running a Netscan Custom script without a configured subnet has been fixed.

N/A

19078

• Related: 19679

The use of macro-type variables in URL-type event responses has been fixed.

N/A

19123

Access for users with read-only rights to the actions for forcing service checks and deleting services has been fixed.

N/A

19125

For all users without report administration permission, access to the report list has been fixed.

N/A

19131

For users using Active Directory® (AD) authentication in Command Center, remote password storage has been fixed.

N/A

19132

• Related: 19131

Access for non-local users (authentication with AD, SAML or LDAP) has been fixed both in Command Center and its centralized nodes.

N/A

19148

Zooming in and out in module graphs has been fixed.

N/A

19297

• Related: 18884

In agent editing from Command Center, the assignment of the corresponding PFMS Server has been fixed.

N/A

19301

For SNMP v3 monitoring, the glibc dependency has been fixed (added) so that the corresponding checks can be performed.

N/A

19484

Date filters in SNMP interface graphs have been fixed.