{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2750", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "state": "PUBLISHED", "assignerShortName": "Centreon", "dateReserved": "2026-02-19T14:25:18.453Z", "datePublished": "2026-02-27T14:58:29.021Z", "dateUpdated": "2026-03-06T15:32:35.310Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://downlad.centreon.com", "defaultStatus": "unaffected", "modules": ["Centreon Open Tickets"], "platforms": ["Linux"], "product": "Centreon Open Tickets on Central Server", "vendor": "Centreon", "versions": [{"lessThan": "25.10; 24.10;24.04", "status": "affected", "version": "all", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Texugo from Haka\u00ef Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).<p>This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.</p>"}], "value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-02-27T14:58:29.021Z"}, "references": [{"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"}], "source": {"discovery": "UNKNOWN"}, "title": "Command Injection via CLAPI generatetraps", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T17:30:13.395874Z", "id": "CVE-2026-2750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:32:35.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T17:30:13.395874Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:32:32.192Z"}}], "cna": {"title": "Command Injection via CLAPI generatetraps", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Texugo from Haka\u00ef Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Centreon", "modules": ["Centreon Open Tickets"], "product": "Centreon Open Tickets on Central Server", "versions": [{"status": "affected", "version": "all", "lessThan": "25.10; 24.10;24.04", "versionType": "custom"}], "platforms": ["Linux"], "collectionURL": "https://downlad.centreon.com", "defaultStatus": "unaffected"}], "references": [{"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).<p>This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "shortName": "Centreon", "dateUpdated": "2026-02-27T14:58:29.021Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2750", "state": "PUBLISHED", "dateUpdated": "2026-03-06T15:32:35.310Z", "dateReserved": "2026-02-19T14:25:18.453Z", "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "datePublished": "2026-02-27T14:58:29.021Z", "assignerShortName": "Centreon"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centreon:web:*:*:*:*:*:*:*:*", "matchCriteriaId": "1827AE36-2AA2-4800-A21D-74E185193E9A", "versionEndExcluding": "24.04.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:web:*:*:*:*:*:*:*:*", "matchCriteriaId": "0082184F-EF71-4529-921A-DA7876F80B8E", "versionEndExcluding": "24.10.20", "versionStartIncluding": "24.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:centreon:web:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA7B730E-209C-43B2-8F5A-C6FD8CB90443", "versionEndExcluding": "25.10.8", "versionStartIncluding": "25.01.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Centreon Centreon Open Tickets en el servidor central en Linux (m\u00f3dulos de Centreon Open Tickets). Este problema afecta a Centreon Open Tickets en el servidor central: desde todas las versiones anteriores a 25.10; 24.10; 24.04."}], "id": "CVE-2026-2750", "lastModified": "2026-03-23T16:58:57.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T16:16:25.827", "references": [{"source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "tags": ["Third Party Advisory"], "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"}], "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,25.10)"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.10)"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.04)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Centreon Open Tickets on Central Server", "source": "cna", "vendor": "Centreon"}, "product": "centreon_open_tickets_on_central_server", "vendor": "centreon"}], "analysis": {"en": {"generated_at": "2026-04-16T15:27:42.564263+00:00", "value": {"mitigation_remediation": ["Upgrade Centreon Open Tickets to the latest patched release (25.10 or newer).", "Restrict or disable HTTP access to the CLAPI generatetraps endpoint for untrusted users or networks.", "Implement input validation or sanitization for all parameters accepted by the CLAPI interface."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "The flaw impacts Centreon Open Tickets on Central Server for all releases prior to 25.10, 24.10, and 24.04, running on Linux. The affected products include the Centreon web application that hosts the Open Tickets modules.", "description_and_impact": "This vulnerability is an instance of improper input validation that allows an attacker to inject arbitrary command strings through the Central Server's CLAPI generatetraps endpoint, resulting in execution of those commands on the host system. The flaw permits the attacker to bypass normal control mechanisms and gain full control of the server, jeopardizing confidentiality, integrity, and availability of the affected environment.", "risk_and_exploitability": "With a CVSS score of 9.1, the vulnerability is classified as critical and carries a low but present exploitation probability (EPSS < 1%). Although it is not currently listed in the CISA KEV catalog, the combination of high severity and command\u2011execution capability means that an attacker can compromise the entire system from a web\u2011based entry point, likely via a crafted CLAPI request. The available official remediation is to upgrade to a patched release; no specific workaround has been published."}}}}, "created": "2026-03-02T12:07:11.914926+00:00", "updated": "2026-04-16T15:30:06.228344+00:00", "vendors": ["centreon", "centreon$PRODUCT$centreon_open_tickets_on_central_server"]}