PatchSiren

Centreon CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Centreon CVE published 2026-07-13

CVE-2026-14453

CVE-2026-14453 is a critical Server-Side Template Injection (SSTI) vulnerability in Centreon's centreon-open-tickets module. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availabil [truncated]