Multiple vulnerabilities in Centreon products including remote code execution, SQL injection, and XSS

72% confidence

Description

Multiple vulnerabilities have been discovered in Centreon products that allow an attacker to perform remote arbitrary code execution, SQL injection (SQLi), and remote indirect code injection (XSS).

Affected Products

Vendor	Product	Versions
centreon	centreon products	Anomaly Detection versions prior to 24.10.10 and 25.10.5, Auto Discovery versions prior to 24.10.13 and 25.10.5, AWIE versions prior to 24.10.6 and 25.10.6, BAM versions prior to 24.10.14 and 25.10.5, DSM versions prior to 24.10.6 and 25.10.3, License Manager versions prior to 24.10.9 and 25.10.4, MAP versions prior to 24.10.17 and 25.10.5, MBI versions prior to 24.04.15, 24.10.17 and 25.10.5, Open Tickets versions prior to 24.10.11 and 25.10.6

Related News (1 articles)

Tier B

CERT-FR15h ago

Multiples vulnérabilités dans les produits Centreon (12 mai 2026)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

24.10.1025.10.524.10.1324.10.625.10.624.10.1425.10.524.10.625.10.324.10.925.10.424.10.1725.10.524.04.1524.10.1725.10.524.10.1125.10.6

CWECWE-94, CWE-89, CWE-79

PublishedMay 12, 2026

Last enriched1h ago

Multiple vulnerabilities in Centreon products including remote code execution, SQL injection, and XSS

Description

Affected Products

Related News (1 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline