CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:centreon:centreon_web::::::::
	cpe:2.3:a:centreon:centreon_web::::::::
	cpe:2.3:a:centreon:centreon_web::::::::

History

09 Mar 2026, 20:50

Type	Values Removed	Values Added
First Time		Centreon Centreon centreon Web
CPE		cpe:2.3:a:centreon:centreon_web::::::::
Summary		(es) Inyección SQL ciega a través de claves de array no saneadas en la eliminación de dependencias de servicio. Vulnerabilidad en Centreon Centreon Web en el servidor central en Linux (módulos de dependencias de servicio) permite inyección SQL ciega. Este problema afecta a Centreon Web en el servidor central antes de 25.10.8, 24.10.20, 24.04.24.
References	~~() https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504 -~~	() https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504 - Broken Link

27 Feb 2026, 15:16

Type	Values Removed	Values Added
CWE		CWE-89

27 Feb 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-27 14:16

Updated : 2026-03-09 20:50

NVD link : CVE-2026-2751

Mitre link : CVE-2026-2751

CVE.ORG link : CVE-2026-2751

JSON object : View

Products Affected

centreon

centreon_web

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2026-2751", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-27T14:16:30.780", "references": [{"url": "https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504", "tags": ["Broken Link"], "source": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24."}, {"lang": "es", "value": "Inyecci\u00f3n SQL ciega a trav\u00e9s de claves de array no saneadas en la eliminaci\u00f3n de dependencias de servicio. Vulnerabilidad en Centreon Centreon Web en el servidor central en Linux (m\u00f3dulos de dependencias de servicio) permite inyecci\u00f3n SQL ciega. Este problema afecta a Centreon Web en el servidor central antes de 25.10.8, 24.10.20, 24.04.24."}], "lastModified": "2026-03-09T20:50:29.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59310DAC-2A79-48BE-8800-02F4E1292B9E", "versionEndExcluding": "24.04.24.", "versionStartIncluding": "24.04.0"}, {"criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBEDC030-8FF3-49AA-962F-6A997A58319C", "versionEndExcluding": "24.10.20", "versionStartIncluding": "24.10.0"}, {"criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59EA86A8-6FF7-466E-A58D-7E51BBE187F1", "versionEndExcluding": "25.10.8", "versionStartIncluding": "25.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7"}