Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://github.com/centreon/centreon/releases |
|
Mon, 13 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Centreon
Centreon infra Monitoring |
|
| Vendors & Products |
Centreon
Centreon infra Monitoring |
Mon, 13 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product. | |
| Title | A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets | |
| Weaknesses | CWE-94 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Centreon
Published:
Updated: 2026-07-13T13:54:29.853Z
Reserved: 2026-07-02T08:14:59.645Z
Link: CVE-2026-14453
Updated: 2026-07-13T13:53:30.425Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T14:39:08Z