Server-Side Template Injection in Centreon Infra Monitoring Product
CVE-2026-14453
9.6CRITICAL
What is CVE-2026-14453?
The Centreon Infra Monitoring product contains a significant Server-Side Template Injection flaw within the centreon-open-tickets module. This vulnerability arises from the message_confirm field being stored without proper sanitization, allowing it to be rendered via Smarty without an enabling security policy. As a result, any authenticated user can inject and execute arbitrary code on the server, potentially leading to unauthorized access to sensitive environment secrets and jeopardizing the overall availability of the platform.
Affected Version(s)
Infra Monitoring 24.10.0
Infra Monitoring 24.10.0 < 24.10.14
Infra Monitoring 25.10.0 < 25.10.9
