Skip to main content

Centreon EUVDEUVD-2026-43316

| CVE-2026-14453 CRITICAL
Code Injection (CWE-94)
2026-07-13 Centreon GHSA-623j-mjcm-f442
9.6
CVSS 3.1 · Vendor: Centreon
Share

Severity by source

Vendor (Centreon) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable module needs only a low-privilege authenticated account (PR:L, AC:L); RCE escapes the app to the host (S:C) and permits secret disclosure, data modification, and disruption, so C/I/A all High.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (Centreon).

CVSS VectorVendor: Centreon

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch available
Jul 13, 2026 - 10:01 EUVD
Analysis Generated
Jul 13, 2026 - 09:02 vuln.today
CVE Published
Jul 13, 2026 - 08:19 cve.org
CRITICAL 9.6

DescriptionCVE.org

This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product.

AnalysisAI

Server-Side Template Injection in Centreon's centreon-open-tickets module enables authenticated users to achieve remote code execution on the Centreon Infra Monitoring server. The message_confirm field is persisted without sanitization and later rendered by the Smarty template engine with no security policy applied, so injected template directives execute as server-side code. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate with low-privilege Centreon account
Delivery
Open centreon-open-tickets module
Exploit
Inject Smarty payload into message_confirm
Install
Save unsanitized field to storage
C2
Trigger rendering via Smarty engine
Execute
Execute arbitrary code on server
Impact
Exfiltrate environment secrets, disrupt availability

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Centreon account (CVSS PR:L) with access to the centreon-open-tickets module's ticket/confirmation configuration, and the ability to save data into the message_confirm field, which is stored unsanitized and later rendered by Smarty with no security policy enabled - that missing security policy is the exact enabling condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals point to a genuine high priority rather than a paper-tiger high-CVSS issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been granted a low-privilege Centreon account navigates to the open-tickets module and saves a confirmation message containing Smarty template syntax (for example a {php} block or code-executing modifier) in the message_confirm field. When that message is subsequently rendered, Smarty compiles and executes the payload on the Centreon server, letting the attacker read environment secrets and run OS commands. …
Remediation Upgrade Centreon and the centreon-open-tickets module to the latest fixed release published at https://github.com/centreon/centreon/releases; the provided intelligence points to a GitHub releases page rather than a single tagged fix version, so the released patched version is not independently confirmed here and the exact target build should be verified against Centreon's advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Centreon deployments with the centreon-open-tickets module installed; immediately restrict administrative access to essential personnel only and review recent access logs for suspicious activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43316 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy