cvelistv5 - cve-2026-2751

CVE-2026-2751 (GCVE-0-2026-2751)

Vulnerability from cvelistv5

Published

2026-02-27 13:33

Modified

2026-02-27 14:26

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.

Summary

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.

References

URL

Tags

https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504

Impacted products

	Vendor	Product	Version
	Centreon	Centreon Web on Central Server	Version: 25.10; 24.10;24.04 < 25.10.8, 24.10.20, 24.04.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T14:25:27.597975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-89",
                "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T14:26:21.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://download.centreon.com",
          "defaultStatus": "unaffected",
          "modules": [
            "Service Dependencies"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Centreon Web on Central Server",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "25.10.8, 24.10.20, 24.04.24",
              "status": "affected",
              "version": "25.10; 24.10;24.04",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Texugo from Haka\u00ef Security"
        }
      ],
      "datePublic": "2026-02-27T13:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.\u003cp\u003eThis issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.\u003c/p\u003e"
            }
          ],
          "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-7",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-7 Blind SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T13:43:22.569Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "url": "https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Blind SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2026-2751",
    "datePublished": "2026-02-27T13:33:44.787Z",
    "dateReserved": "2026-02-19T14:25:19.973Z",
    "dateUpdated": "2026-02-27T14:26:21.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2751\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-27T14:25:27.597975Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-27T14:26:14.215Z\"}}], \"cna\": {\"title\": \"Blind SQL Injection\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Texugo from Haka\\u00ef Security\"}], \"impacts\": [{\"capecId\": \"CAPEC-7\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-7 Blind SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Centreon\", \"modules\": [\"Service Dependencies\"], \"product\": \"Centreon Web on Central Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"25.10; 24.10;24.04\", \"lessThan\": \"25.10.8, 24.10.20, 24.04.24\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"collectionURL\": \"https://download.centreon.com\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-02-27T13:31:00.000Z\", \"references\": [{\"url\": \"https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.\u003cp\u003eThis issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.\"}]}], \"providerMetadata\": {\"orgId\": \"bd4443e6-1eef-43f3-9886-25fc9ceeaae7\", \"shortName\": \"Centreon\", \"dateUpdated\": \"2026-02-27T13:43:22.569Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2751\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-27T14:26:21.910Z\", \"dateReserved\": \"2026-02-19T14:25:19.973Z\", \"assignerOrgId\": \"bd4443e6-1eef-43f3-9886-25fc9ceeaae7\", \"datePublished\": \"2026-02-27T13:33:44.787Z\", \"assignerShortName\": \"Centreon\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0212

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Centreon	open tickets	Centreon Open Tickets versions 25.x antérieures à Tickets 25.10.3
Centreon	open tickets	Centreon Open Tickets versions 24.10.x antérieures à Tickets 24.10.8
Centreon	Web	Centreon Web versions 25.x antérieures à 25.10.9
Centreon	open tickets	Centreon Open Tickets versions antérieures à 24.04.7
Centreon	Web	Centreon Web versions 24.10.x antérieures à 24.10.21
Centreon	Web	Centreon Web versions antérieures à 24.04.25

References

Title

Publication Time

Tags

Bulletin de sécurité Centreon cve-2026-2751-centreon-web-high-severity-5504	2026-02-25	vendor-advisory
Bulletin de sécurité Centreon cve-2026-2750-centreon-web-critical-severity-5503	2026-02-25	vendor-advisory
Bulletin de sécurité Centreon cve-2025-12523-centreon-web-medium-severity-5505	2026-02-25	vendor-advisory
Bulletin de sécurité Centreon february-release-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502	2026-02-25	vendor-advisory
Bulletin de sécurité Centreon cve-2025-13050-centreon-web-medium-severity-5506	2026-02-25	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Centreon Open Tickets versions 25.x ant\u00e9rieures \u00e0  Tickets 25.10.3",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Open Tickets versions 24.10.x ant\u00e9rieures \u00e0 Tickets 24.10.8",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions 25.x ant\u00e9rieures \u00e0 25.10.9",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Open Tickets versions ant\u00e9rieures \u00e0 24.04.7",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.21",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions ant\u00e9rieures \u00e0 24.04.25",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-13050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13050"
    },
    {
      "name": "CVE-2026-2751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2751"
    },
    {
      "name": "CVE-2025-12523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12523"
    },
    {
      "name": "CVE-2026-2749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2749"
    },
    {
      "name": "CVE-2026-2750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2750"
    }
  ],
  "initial_release_date": "2026-02-26T00:00:00",
  "last_revision_date": "2026-02-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0212",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
  "vendor_advisories": [
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2026-2751-centreon-web-high-severity-5504",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504"
    },
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2026-2750-centreon-web-critical-severity-5503",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"
    },
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12523-centreon-web-medium-severity-5505",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12523-centreon-web-medium-severity-5505"
    },
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon february-release-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/february-release-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502"
    },
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-13050-centreon-web-medium-severity-5506",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13050-centreon-web-medium-severity-5506"
    }
  ]
}

CERTFR-2026-AVI-0221

Vulnerability from certfr_avis

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Centreon	Web	Web versions antérieures à 24.04.25
Centreon	open tickets	Open Tickets versions antérieures à 24.04.7
Centreon	open tickets	Open Tickets versions 24.10.x antérieures à 24.10.8
Centreon	Web	Web versions 24.10.x antérieures à 24.10.21
Centreon	Web	Web versions 25.x antérieures à 25.10.9
Centreon	open tickets	Open Tickets versions 25.x antérieures à 25.10.3

References

Title

Publication Time

Tags

Bulletin de sécurité Centreon february-2026-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502

2026-02-25

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Web versions ant\u00e9rieures \u00e0 24.04.25",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Open Tickets versions ant\u00e9rieures \u00e0 24.04.7",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Open Tickets versions 24.10.x ant\u00e9rieures \u00e0 24.10.8",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.21",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Web versions 25.x ant\u00e9rieures \u00e0 25.10.9",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Open Tickets versions 25.x ant\u00e9rieures \u00e0 25.10.3",
      "product": {
        "name": "open tickets",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-13050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13050"
    },
    {
      "name": "CVE-2026-2751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2751"
    },
    {
      "name": "CVE-2025-12523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12523"
    },
    {
      "name": "CVE-2026-2749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2749"
    },
    {
      "name": "CVE-2026-2750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2750"
    }
  ],
  "initial_release_date": "2026-02-27T00:00:00",
  "last_revision_date": "2026-02-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0221",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
  "vendor_advisories": [
    {
      "published_at": "2026-02-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon february-2026-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/february-2026-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-2751 (GCVE-0-2026-2751)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0212

Vulnerability from certfr_avis

Solutions

CERTFR-2026-AVI-0221

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature