Publication date: May 28th, 2026
Component: centreon-web
List of vulnerabilities: 2
Description: Fixed multiple shell injection vulnerabilities in legacy PHP code where database-sourced or insufficiently-validated values are interpolated into shell commands without proper escaping.
Reference: N/A
CVSS: 6.6
Severity: Medium
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Anomaly Detection on Central Server:
Description: Fixed Content-Disposition HTTP headers in CSV export pages and graph image responses use database-sourced filenames (host names, service descriptions, group names) without proper sanitization or quoting. A double-quote character in a name could break out of the filename value, potentially allowing an attacker to manipulate how browsers interpret the download.
Reference: N/A
CVSS: 3.1
Severity: Low
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Anomaly Detection on Central Server:
Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.