centreon

Top products

The 15 most recently published vulnerabilities affecting centreon.

• CVE-2026-2749Path traversal in Centreon Open Tickets9.9Feb 27, 2026
• CVE-2026-2750Command Injection via CLAPI generatetraps9.1Feb 27, 2026
• CVE-2026-2751Blind SQL Injection8.3Feb 27, 2026
• CVE-2025-15029An unauthenticated user is able to introduce SQL Injection using the Awie export module9.8Jan 5, 2026
• CVE-2025-15026Unauthenticated configuration import allows administrative account creation using AWIE component9.8Jan 5, 2026
• CVE-2025-12511A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page6.8Jan 5, 2026
• CVE-2025-12513A user with elevated privileges can inject XSS in the Hosts configuration parameters page6.8Jan 5, 2026
• CVE-2025-12519Information disclosure on Administration parameters API endpoint5.3Jan 5, 2026
• CVE-2025-13056A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page6.8Jan 5, 2026
• CVE-2025-5965RCE via the backup feature available only to user with high privilege7.2Jan 5, 2026
• CVE-2025-54890A user with elevated privileges can inject XSS in the Hostgroups configuration page6.8Dec 22, 2025
• CVE-2025-12514A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters7.2Dec 22, 2025
• CVE-2025-8460A user with elevated privileges can inject XSS in the Notification rules configuration page6.8Dec 22, 2025
• CVE-2025-10023A user with elevated privileges can inject XSS in the Services Meta-services configuration page6.2Oct 27, 2025
• CVE-2025-8432CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON8.4Oct 27, 2025