CVE-2026-14453
Centreon · Infra Monitoring
Centreon Infra Monitoring is vulnerable to Server-Side Template Injection (SSTI) in the open-tickets module, allowing authenticated users to execute arbitrary code on the server.
Executive summary
An authenticated Server-Side Template Injection (SSTI) vulnerability in the Centreon Infra Monitoring open-tickets module allows attackers to achieve remote code execution.
Vulnerability
The message_confirm field in the centreon-open-tickets module is rendered via the Smarty template engine without adequate sanitization. This allows an authenticated user to inject malicious template code, leading to remote code execution and potential exposure of sensitive environment variables.
Business impact
The ability to execute arbitrary code on an infrastructure monitoring server grants an attacker deep access to the environment, potentially compromising all systems monitored by the platform. With a CVSS score of 9.6, this vulnerability poses an extreme risk to both the confidentiality and availability of the organization's monitoring infrastructure.
Remediation
Immediate Action: Update Centreon Infra Monitoring to version 24.10.14 or 25.10.9, depending on the current deployment branch.
Proactive Monitoring: Audit logs for suspicious activity involving the centreon-open-tickets module and monitor for unexpected child processes spawned by the web server user.
Compensating Controls: Restrict access to the Centreon management interface to trusted administrative networks only to reduce the risk of malicious authenticated users.
Exploitation status
Public Exploit Available: No (No confirmed public exploit available in current data).
Analyst recommendation
Given the severity of remote code execution, this patch should be applied with high priority. Ensure all monitoring platform instances are updated to the specified versions to prevent potential unauthorized system control.