Centreon Web vulnerabilities
7 known vulnerabilities affecting centreon/web.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 3, MEDIUM: 3
Vulnerabilities
CVE-2026-2750 | P3 | CRITICAL | CVSS 9.8 | fixed in 24.04.24 | ≥ 24.10.0, < 24.10.20 | +1 more | 2026-02-27
CVE-2026-2750 [CRITICAL] CWE-20 CVE-2026-2750: Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10; 24.04.
nvd
CVE-2025-6791 | P3 | HIGH | CVSS 8.8 | ≥ 24.10.0, < 24.10.9 | ≥ 24.04.0, < 24.04.16 | +1 more | 2025-08-22
CVE-2025-6791 [HIGH] CWE-89 CVE-2025-6791: In the monitoring event logs page, it is possible to alter the http request to insert a reflect payl
In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection. This issue affects web: 24.10.0, 24.04.0, 23.10.0.
nvd
CVE-2025-4650 | P3 | HIGH | CVSS 7.2 | ≥ 24.10.0, < 24.10.9 | ≥ 24.04.0, < 24.04.16 | +1 more | 2025-08-22
CVE-2025-4650 [HIGH] CWE-89 CVE-2025-4650: User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
nvd
CVE-2025-4646 | P3 | HIGH | CVSS 7.2 | ≥ 24.04.0, < 24.04.10 | ≥ 24.10.0, < 24.10.4 | 2025-05-13
CVE-2025-4646 [HIGH] CWE-863 CVE-2025-4646: Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privi
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
nvd
CVE-2025-4649 | P4 | MEDIUM | CVSS 4.9 | ≥ 24.10.3, < 24.10.4 | ≥ 24.04.09, < 24.04.10 | +2 more | 2025-05-13
CVE-2025-4649 [MEDIUM] CWE-755 CVE-2025-4649: Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalatio
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.
ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.
nvd
CVE-2025-4648 | P4 | MEDIUM | CVSS 5.9 | ≥ 24.10.0, < 24.10.5 | ≥ 24.04.0, < 24.04.11 | +3 more | 2025-05-13
CVE-2025-4648 [MEDIUM] CWE-434 CVE-2025-4648: The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Ref
The content of an SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of an SVG media file during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.
nvd
CVE-2025-4647 | P4 | MEDIUM | CVSS 4.8 | ≥ 24.10.0, < 24.10.5 | ≥ 24.04.0, < 24.04.11 | +3 more | 2025-05-13
CVE-2025-4647 [MEDIUM] CWE-79 CVE-2025-4647: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 be
nvd