Description
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10; 24.04.
Published: 2026-02-27
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is an instance of improper input validation that allows an attacker to inject arbitrary command strings through the Central Server's CLAPI generatetraps endpoint, resulting in execution of those commands on the host system. The flaw permits the attacker to bypass normal control mechanisms and gain full control of the server, jeopardizing confidentiality, integrity, and availability of the affected environment.

Affected Systems

The flaw impacts Centreon Open Tickets on Central Server for all releases prior to 25.10, 24.10, and 24.04, running on Linux. The affected products include the Centreon web application that hosts the Open Tickets modules.

Risk and Exploitability

With a CVSS score of 9.1, the vulnerability is classified as critical and carries a low but present exploitation probability (EPSS < 1%). The CVSS vector (AV:N/AC:L/PR:H/UI:N/S:C) describes a network-reachable, low-complexity attack that requires high privileges and no user interaction. Although it is not currently listed in the CISA KEV catalog, the combination of high severity and command-execution capability means that an attacker can compromise the entire system from a web-based entry point, likely via a crafted CLAPI request. The available official remediation is to upgrade to a patched release; no specific workaround has been published.

Generated by OpenCVE AI on April 16, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Centreon Open Tickets to the latest patched release (25.10 or newer).
  • Restrict or disable HTTP access to the CLAPI generatetraps endpoint for untrusted users or networks.
  • Implement input validation or sanitization for all parameters accepted by the CLAPI interface.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Centreon web
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:centreon:web:*:*:*:*:*:*:*:*
Vendors & Products Centreon web

Fri, 06 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Centreon
Centreon centreon Open Tickets On Central Server
Vendors & Products Centreon
Centreon centreon Open Tickets On Central Server

Fri, 27 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10; 24.04.
Title Command Injection via CLAPI generatetraps
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Centreon

Published:

Updated: 2026-03-06T15:32:35.310Z

Reserved: 2026-02-19T14:25:18.453Z

Link: CVE-2026-2750

Vulnrichment

Updated: 2026-03-06T15:32:32.192Z

NVD

Status: Analyzed

Published: 2026-02-27T16:16:25.827

Modified: 2026-03-23T16:58:57.633

Link: CVE-2026-2750

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:30:06Z
