Major Evolutions for Centreon Infra Monitoring 26.10 LTS: Heading Towards Next-Generation OS
Stay informed with the latest Centreon security bulletins to safeguard your infrastructure effectively.
Recently active
Publication date: June 30th, 2026 Component: centreon-webList of vulnerabilities: 1 Description: Fixed multiple SQL injection vulnerabilities in legacy PHP code that could allow authenticated users to perform unauthorized database operations.Reference: N/ACVSS: 8.8Severity: HighStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.15 Centreon Web 24.10.28 Component: centreon-it-edition-extensionsList of vulnerabilities: 1 Description: Fixed an information disclosure issue in the IT Edition Dashboard Playlist feature where internal error details could be exposed in API responses.Reference: N/ACVSS: 3.4Severity: LowStatus: Fixes have been provided for all supported versions and it is recommended to update IT Edition Extensions on Central Server:Centreon Open Tickets 25.10.6 Centreon Open Tickets 24.10.13 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive i
Publication date: May 28th, 2026 Component: centreon-webList of vulnerabilities: 2 Description: Fixed multiple shell injection vulnerabilities in legacy PHP code where database-sourced or insufficiently-validated values are interpolated into shell commands without proper escaping.Reference: N/ACVSS: 6.6Severity: MediumStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Anomaly Detection on Central Server:Centreon Web 25.10.12 Centreon Web 24.10.25 Description: Fixed Content-Disposition HTTP headers in CSV export pages and graph image responses use database-sourced filenames (host names, service descriptions, group names) without proper sanitization or quoting. A double-quote character in a name could break out of the filename value, potentially allowing an attacker to manipulate how browsers interpret the download.Reference: N/ACVSS: 3.1Severity: LowStatus: Fixes have been provided for all supported versions and it is recommended to upd
Publication date: May 12th, 2026 Component: centreon-anomaly-detectionList of vulnerabilities: 1Description: SQL injection via string concatenation across legacy PHP filesReference: N/ACVSS: 8.8Severity: HighStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Anomaly Detection on Central Server:Centreon Anomaly Detection 25.10.5 Centreon Anomaly Detection 24.10.10 Component: centreon-autodiscoveryList of vulnerabilities: 1Description: SQL injection via string concatenation across legacy PHP filesReference: N/ACVSS: 8.8Severity: HighStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Auto Discovery on Central Server:Centreon Auto Discovery 25.10.5 Centreon Auto Discovery 24.10.13 Component: centreon-awieList of vulnerabilities: 1Description: SQL injection via string concatenation across legacy PHP filesReference: N/ACVSS: 8.8Severity: HighStatus: Fixes have been provided for all supported
Publication date: February 26th, 2026 Component: centreon-open-ticketsList of vulnerabilities: 2Description: A path traversal vulnerability in the Open Tickets file upload allows an authenticated user to write or delete arbitrary files.Reference: CVE-2026-2749CVSS: 9.9Severity: CriticalStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Open Tickets on Central Server:Centreon Open Tickets 25.10.3 Centreon Open Tickets 24.10.8 Centreon Open Tickets 24.04.7Breaking Change: The ability to define a custom command linked to a rule has been removed, due to low adoption and security concerns.Reference: N/ACVSS: 8.1Severity: HighStatus: Fixes have been provided for all supported versions and it is recommended to update Centreon Open Tickets on Central Server:Centreon Open Tickets 25.10.2 Centreon Open Tickets 24.10.7 Centreon Open Tickets 24.04.6 To ensure you do not lose any customization that might have been done to your OpenTicket provider,
Publication date: February 25th, 2026Components: centreon-webDescription: Broken Function Level Authorization allows execution of poller post-restart commands by authenticated user.Reference: CVE-2025-13050CVSS: 5.4Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.9 Centreon Web 24.10.21 Centreon Web 24.04.25These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: February 25th, 2026Components: centreon-webDescription: Broken Object Level Authorization in Users Configuration Endpoint allows Information Disclosure to authenticated user.Reference: CVE-2025-12523CVSS: 6.5Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.6 Centreon Web 24.10.21 Centreon Web 24.04.25These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: February 25th, 2026Components: centreon-webDescription: Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.Reference: CVE-2026-2751CVSS: 8.1Severity: High Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.8 Centreon Web 24.10.20 Centreon Web 24.04.24These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: February 25th, 2026Components: centreon-webDescription: Improper input validation leads to remote code execution on CLAPI.Reference: CVE-2026-2750CVSS: 9.1Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Open Tickets on Central Server:Centreon Web 25.10.8 Centreon Web 24.10.20 Centreon Web 24.04.24These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: February 24th, 2026Components: centreon-open-ticketsDescription: A path traversal vulnerability in the Open Tickets file upload allows an authenticated user to write or delete arbitrary files.Reference: CVE-2026-2749CVSS: 9.9Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Open Tickets on Central Server:Centreon Open Tickets 25.10.3 Centreon Open Tickets 24.10.8 Centreon Open Tickets 24.04.7These versions include cumulative fixes from prior updates. To ensure you do not lose any customization that might have been done to your OpenTicket provider, please make sure to create a backup of your configuration before performing update! If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is publishe
Publication date: January 15th, 2026Components: centreon-anomaly-detection, centreon-autodiscovery-server, centreon-it-edition-extensions, centreon-license-manager, centreon-map4-web-clientDescription: Upgraded react-router 7.2.0 to 7.5.2 to prevent vulnerabilities.Reference: CVE-2025-43865, CVE-2025-43864CVSS: 8.2Severity: High Status: Only version 25.10.x of Centreon Infra Monitoring is concerned and it is recommended to update Centreon Web on Central Server. This version include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: N/A Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-webDescription: RCE via the backup feature available only to user with high privilege.Reference: CVE-2025-5965CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.1 Centreon Web 24.10.15 Centreon Web 24.04.19 Centreon Web 23.10.29These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: h00die-gr3y Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-webDescription: A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page.Reference: CVE-2025-13056CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.2 Centreon Web 24.10.15 Centreon Web 24.04.19 Centreon Web 23.10.29These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: Marcelo Queiroz Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-dsm-serverDescription: A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page.Reference: CVE-2025-12511CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon DSM on Central Server:Centreon DSM 25.10.1 Centreon DSM 24.10.4 Centreon DSM 24.04.8 Centreon DSM 23.10.5These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: Marcelo Queiroz Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-webDescription: A user with elevated privileges can inject XSS in the Hosts configuration parameters page.Reference: CVE-2025-12513CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.2 Centreon Web 24.10.15 Centreon Web 24.04.19 Centreon Web 23.10.29These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-webDescription: Information disclosure on Administration parameters API endpoint.Reference: CVE-2025-12519CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 25.10.2 Centreon Web 24.10.15 Centreon Web 24.04.19These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-awieDescription: Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs.Reference: CVE-2025-15026CVSS: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon AWIE on Central Server:Centreon AWIE 25.10.2 Centreon AWIE 24.10.3 Centreon AWIE 24.04.3 These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: January 8th, 2026Components: centreon-awieDescription: An unauthenticated user is able to introduce SQL Injection using the AWIE export module.Reference: CVE-2025-15029CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Severity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update Centreon AWIE on Central Server:Centreon AWIE 25.10.2 Centreon AWIE 24.10.3 Centreon AWIE 24.04.3 These versions include cumulative fixes from prior updates. If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: marceloQJ Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: December 18th, 2025Components: centreon-open-ticketsDescription: A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters.Reference: CVE-2025-8460CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Open Tickets 25.10.0 Centreon Open Tickets 24.10.5 Centreon Open Tickets 24.04.5 Centreon Open Tickets 23.10.4These versions include cumulative fixes from prior updates. To ensure you do not lose any customization that might have been done to your OpenTicket provider, please make sure to create a backup of your configuration before performing update! If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: Marcelo Quieroz Stay ahead of potential threats by subscribing to the Security Bul
Publication date: December 18th, 2025Components: centreon-open-ticketsDescription: A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters.Reference: CVE-2025-12514CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)Severity: High Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Open Tickets 25.10.0 Centreon Open Tickets 24.10.5 Centreon Open Tickets 24.04.5 Centreon Open Tickets 23.10.4These versions include cumulative fixes from prior updates. To ensure you do not lose any customization that might have been done to your OpenTicket provider, please make sure to create a backup of your configuration before performing update! If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: Marcelo Quieroz Stay ahead of potential threats by subscribing to the Security Bu
Publication date: December 18th, 2025Components: centreon-webDescription: A user with elevated privileges can inject XSS in the Hostgroups configuration page.Reference: CVE-2025-54890CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 24.10.15 Centreon Web 24.04.19 Centreon Web 23.10.29These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: Marcelo Queiroz Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
The “Shai-Hulud 2.0” Campaign Since November 23rd, a major supply chain attack, named "Shai-Hulud 2.0", has been developing. This attack was quickly documented by major software and security players, notably GitLab on November 24th (https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/) and CERT-FR on November 27th (https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-051/). This attack spreads by compromising packages used as dependencies by many software solutions. Impact of Shai-Hulud 2.0 on Centreon To date, Centreon has detected no evidence of compromise to its source code. Furthermore, no official update to our solutions has been published since the beginning of the attack. Centreon has therefore not served as a vector of compromise for the Shai-Hulud 2.0 attack. Preventive Actions Taken by Centreon Despite the absence of a direct impact, and given the scale of the attack, Centreon has taken precautionary measures:Rotation of secret: We have rotated
Publication date: October 30th, 2025Components: centreon-bi-serverDescription: CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON.Reference: CVE-2025-8432CVSS: 8.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)Severity: High Status: Fixes have been provided for all supported versions and it is recommended to update Centreon MBI on Central Server:Centreon MBI 24.10.6 Centreon MBI 24.04.9 Centreon MBI 23.10.15These versions include cumulative fixes from prior updates Reporter: SpawnZii - PGM12268-13 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: October 30th, 2025Components: centreon-webDescription: A user with elevated privileges can inject XSS in the Meta-Service configuration page.Reference: CVE-2025-10023CVSS: 6.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 24.10.9 Centreon Web 24.04.16 Centreon Web 23.10.26These versions include cumulative fixes from prior updates.If you are using an High Availability Platform, please ensure to follow the Centreon HA Update procedures. Reporter: SpawnZii - PGM12268-13 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: September 24th, 2025Components: centreon-webDescription: A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page.Reference: CVE-2025-54889CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 24.10.13 Centreon Web 24.04.18 Centreon Web 23.10.28These versions include cumulative fixes from prior updates.Reporter: Marcelo QueirozStay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Publication date: September 24th, 2025Components: centreon-webDescription: A user with elevated privileges can inject XSS in the ACL Resources access configuration page.Reference: CVE-2025-54891CVSS: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Severity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Web on Central Server:Centreon Web 24.10.13 Centreon Web 24.04.18 Centreon Web 23.10.28These versions include cumulative fixes from prior updates.Reporter: Marcelo QueirozStay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.