CVE-2026-2750 PUBLISHED

Command Injection via CLAPI generatetraps

Assigner: Centreon
Reserved: 19.02.2026 Published: 27.02.2026 Updated: 27.02.2026

Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.1

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Centreon
Product	Centreon Open Tickets on Central Server
Versions	Default: unaffected affected from all to 25.10; 24.10;24.04 (excl.)

Credits

Texugo from Hakaï Security finder

References

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503

Problem Types

CWE-20 Improper Input Validation CWE