
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN224
_____________________________________________________________________

DATE                : 25/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running centreon-web versions prior
                          to 25.10.9, 24.10.21, 24.04.25.

=====================================================================
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13050-centreon-web-medium-severity-5506
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12523-centreon-web-medium-severity-5505
_____________________________________________________________________

CVE-2026-2750 - Centreon Web - CRITICAL Severity


    lpinsivy
    Centreonian

 Publication date: February 25th, 2026

Components: centreon-web

Description: Improper input validation leads to remote code execution
on CLAPI.

Reference: CVE-2026-2750

CVSS: 9.1

Severity: Critical

 

Status: Fixes have been provided for all supported versions and it is
recommended to update Centreon Open Tickets on Central Server:

    Centreon Web 25.10.8
    Centreon Web 24.10.20
    Centreon Web 24.04.24

These versions include cumulative fixes from prior updates.

 

If you are using a High Availability platform, please be sure to
follow the Centreon HA Update procedures.


Reporter: N/A


Stay ahead of potential threats by subscribing to the Security
Bulletin section. You’ll receive instant notifications whenever a
new bulletin is published, ensuring your infrastructure remains
secure and up to date.

_____________________________________________________________________

CVE-2026-2751 - Centreon Web - HIGH Severity

    lpinsivy
    Centreonian

Publication date: February 25th, 2026

Components: centreon-web

Description: Blind SQL Injection via unsanitized array keys in Service
Dependencies deletion.

Reference: CVE-2026-2751

CVSS: 8.1

Severity: High

 

Status: Fixes have been provided for all supported versions and it
is recommended to update Centreon Web on Central Server:

    Centreon Web 25.10.8
    Centreon Web 24.10.20
    Centreon Web 24.04.24

These versions include cumulative fixes from prior updates.

 
If you are using a High Availability platform, please be sure to
follow the Centreon HA Update procedures.


Reporter: N/A


_____________________________________________________________________

CVE-2025-13050 - Centreon Web - MEDIUM Severity

    lpinsivy
    Centreonian

Publication date: February 25th, 2026

Components: centreon-web

Description: Broken Function Level Authorization allows execution of
poller post-restart commands by authenticated user.

Reference: CVE-2025-13050

CVSS: 5.4

Severity: Medium

 

Status: Fixes have been provided for all supported versions and it
is recommended to update Centreon Web on Central Server:

    Centreon Web 25.10.9
    Centreon Web 24.10.21
    Centreon Web 24.04.25

These versions include cumulative fixes from prior updates.

 

If you are using a High Availability platform, please be sure to
follow the Centreon HA Update procedures.

 
Reporter: N/A
 


_____________________________________________________________________

CVE-2025-12523 - Centreon Web - MEDIUM Severity

    lpinsivy
    Centreonian

Publication date: February 25th, 2026

Components: centreon-web

Description: Broken Object Level Authorization in Users Configuration
Endpoint allows Information Disclosure to authenticated user.

Reference: CVE-2025-12523

CVSS: 6.5

Severity: Medium

 

Status: Fixes have been provided for all supported versions and it
is recommended to update Centreon Web on Central Server:

    Centreon Web 25.10.6
    Centreon Web 24.10.21
    Centreon Web 24.04.25

These versions include cumulative fixes from prior updates.

 

If you are using a High Availability platform, please be sure to
follow the Centreon HA Update procedures.

 

Reporter: N/A
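
Added example (not part of the Centreon bulletins or of the CERT-Renater
note): the four bulletins give different fixed versions per release
branch, so this sketch reports which of the CVEs above are still unfixed
for a given centreon-web version string. How that string is obtained on
the Central Server is left to the reader; the function names and the
sample versions are constructed for illustration.

```python
import re

# Fixed patch level per CVE and release branch, copied from the bulletins above.
FIXED = {
    "CVE-2026-2750": {"25.10": 8, "24.10": 20, "24.04": 24},
    "CVE-2026-2751": {"25.10": 8, "24.10": 20, "24.04": 24},
    "CVE-2025-13050": {"25.10": 9, "24.10": 21, "24.04": 25},
    "CVE-2025-12523": {"25.10": 6, "24.10": 21, "24.04": 25},
}

# YY.MM.patch, optionally followed by a package release suffix (ignored).
_VERSION = re.compile(r"^\s*(\d{2})\.(\d{2})\.(\d+)")


def parse_version(text):
    """Split 'YY.MM.patch[-release]' into (branch, patch)."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised centreon-web version: {text!r}")
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3))


def unfixed_cves(installed):
    """Return the CVEs from this note that `installed` does not yet fix.

    Returns None when the branch is not one the bulletins list: the note
    gives no fixed version for it, so no conclusion can be drawn here.
    """
    branch, patch = parse_version(installed)
    if not any(branch in fixes for fixes in FIXED.values()):
        return None
    return sorted(
        cve for cve, fixes in FIXED.items()
        if branch in fixes and patch < fixes[branch]
    )


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real inventory.
    for sample in ("25.10.7", "24.10.20-1.el9", "24.04.25", "23.10.30"):
        result = unfixed_cves(sample)
        if result is None:
            print(f"{sample}: branch not covered by this note")
        else:
            print(f"{sample}: {', '.join(result) or 'all four CVEs fixed'}")
```

A version that clears CVE-2026-2750 and CVE-2026-2751 can still be
exposed to the two medium-severity issues, which is why the check is
done per CVE and not against a single threshold.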

 



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




