Centreon Web
7 CVEs affecting Centreon Web. Latest disclosed: 2026-02-27. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2750 | Critical | 9.1 | 2026-02-27 | Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreo… |
CVE-2025-6791 | High | 8.8 | 2025-08-22 | In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Spec… |
CVE-2025-4648 | High | 8.4 | 2025-05-13 | The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS s… |
CVE-2025-4647 | High | 8.4 | 2025-05-13 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with el… |
CVE-2025-4650 | High | 7.2 | 2025-08-22 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in a… |
CVE-2025-4646 | High | 7.2 | 2025-05-13 | Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before… |
CVE-2025-4649 | Medium | 4.9 | 2025-05-13 | Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the displ… |