{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2749", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "state": "PUBLISHED", "assignerShortName": "Centreon", "dateReserved": "2026-02-19T14:25:05.119Z", "datePublished": "2026-02-27T15:05:17.203Z", "dateUpdated": "2026-03-06T15:31:59.884Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://download.centreon.com", "defaultStatus": "unaffected", "modules": ["Centroen Open Ticket"], "packageName": "Centreon Open Tickets on Central Server", "platforms": ["Linux"], "vendor": "Centreon", "versions": [{"lessThan": "25.10.3, 24.10.8, 24.04.7", "status": "affected", "version": "all", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Texugo from Haka\u00ef Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).<p>This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.</p>"}], "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-02-27T15:05:17.203Z"}, "references": [{"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493"}], "source": {"discovery": "UNKNOWN"}, "title": "Path traversal in Centreon Open Tickets", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T17:27:52.270795Z", "id": "CVE-2026-2749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:31:59.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T17:27:52.270795Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:31:55.394Z"}}], "cna": {"title": "Path traversal in Centreon Open Tickets", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Texugo from Haka\u00ef Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Centreon", "modules": ["Centroen Open Ticket"], "versions": [{"status": "affected", "version": "all", "lessThan": "25.10.3, 24.10.8, 24.04.7", "versionType": "custom"}], "platforms": ["Linux"], "packageName": "Centreon Open Tickets on Central Server", "collectionURL": "https://download.centreon.com", "defaultStatus": "unaffected"}], "references": [{"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).<p>This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.</p>", "base64": false}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-02-27T15:05:17.203Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2749", "state": "PUBLISHED", "dateUpdated": "2026-03-06T15:31:59.884Z", "dateReserved": "2026-02-19T14:25:05.119Z", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "datePublished": "2026-02-27T15:05:17.203Z", "assignerShortName": "Centreon"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centreon:open_tickets:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B8ECB79-72C0-48E0-943D-48BC16E5A0DE", "versionEndExcluding": "24.04.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:open_tickets:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DA51F48-499E-4A3D-BC8C-DD11A677CB64", "versionEndExcluding": "24.10.8", "versionStartIncluding": "24.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:open_tickets:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D9EC496-A0B6-4B26-9ADB-A632A9B2C534", "versionEndExcluding": "25.10.3", "versionStartIncluding": "25.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7."}, {"lang": "es", "value": "Vulnerabilidad en Centreon Centreon Open Tickets en Servidor Central en Linux (m\u00f3dulos de Centroen Open Ticket). Este problema afecta a Centreon Open Tickets en Servidor Central: desde todas las versiones anteriores a 25.10.3, 24.10.8, 24.04.7."}], "id": "CVE-2026-2749", "lastModified": "2026-03-23T17:05:37.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T16:16:25.700", "references": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Third Party Advisory"], "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493"}], "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,25.10.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,24.10.8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,24.04.7)"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 82.0, "source": "matching"}]}, "product": "open_tickets", "vendor": "centreon"}], "analysis": {"en": {"generated_at": "2026-04-17T13:58:42.945756+00:00", "value": {"mitigation_remediation": ["Upgrade Centreon Open Tickets to the latest releases \u2013 25.10.3 or newer, 24.10.8 or newer, or 24.04.7 or newer \u2013 on all affected Central Server installations.", "Reduce the file system privileges of the web user account executing Centreon Open Tickets so it cannot access directories outside the application\u2019s designated area.", "Implement server\u2011side input validation or a web application firewall rule that detects and blocks directory traversal sequences in requests to the Open Tickets module."], "summary": {"action": "Immediate Patch", "impact": "Path Traversal allowing arbitrary file read"}, "threat_synthesis": {"affected_systems": "Centreon Open Tickets modules installed on a Centreon Central Server running Linux are impacted for all releases older than versions 25.10.3, 24.10.8, or 24.04.7.", "description_and_impact": "A flaw in the Centreon Open Tickets module on the Central Server on Linux permits an attacker to supply a specially crafted file path that contains directory traversal characters. The application fails to properly validate or canonicalize the path, enabling the attacker to read files located outside the intended directory on the underlying Linux file system. Identified as CWE-22, the vulnerability can expose sensitive configuration data, credentials, or other confidential files, thereby creating a serious risk of information leakage and potential use in further attacks if the attacker gains additional foothold.", "risk_and_exploitability": "The CVSS base score of 9.9 classifies the flaw as Critical, indicating high potential impact. An EPSS score of less than 1% suggests the current probability of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog, implying no publicly known active exploit. The attack vector is likely remote, via the Centreon web interface, where a malicious user can submit a crafted path to the Open Tickets API to read sensitive files."}}}}, "created": "2026-03-02T12:07:11.125308+00:00", "updated": "2026-04-17T14:00:15.822179+00:00", "vendors": ["centreon", "centreon$PRODUCT$open_tickets"]}