Centreon disclosed CVE-2026-2749 on February 24, 2026. CVSS score 9.9 (Critical). A path traversal vulnerability in the Open Tickets module allows authenticated users to write or delete arbitrary files on the server.

Centreon is infrastructure monitoring software used by enterprises and managed service providers worldwide.

What It Does

Path traversal in the Open Tickets file upload function. An authenticated user can manipulate file paths to:

  • Write files outside intended directory
  • Delete arbitrary system files
  • Overwrite critical configuration
  • Plant backdoors in web-accessible locations

Low privileges required. No user interaction needed.

Who's Affected

Organizations running the Centreon Open Tickets module on a Central Server (Linux):

Vulnerable versions:

  • All 25.x versions before 25.10.3
  • All 24.10.x versions before 24.10.8
  • All 24.04.x versions before 24.04.7

If you run Centreon monitoring, check your Open Tickets module version immediately.

Technical Details

  • CVE: CVE-2026-2749
  • CVSS Score: 9.9 (Critical)
  • Attack Vector: Network
  • Privileges Required: Low (authenticated user)
  • User Interaction: None
  • Scope: Changed (impact beyond vulnerable component)
  • Discovered by: Texugo from Hakai Security

The flaw bypasses directory restrictions in file upload handling. An attacker crafts an upload request with path traversal sequences (../) to escape the intended directory.

Attack Scenario

  1. Attacker has low-privilege Centreon account
  2. Uses Open Tickets file upload function
  3. Crafts filename with path traversal: ../../../../var/www/html/shell.php
  4. Uploads malicious PHP file to web root
  5. Accesses shell via browser: https://centreon-server/shell.php
  6. Full system compromise

Patch Now

Fixed versions:

  • Centreon Open Tickets 25.10.3
  • Centreon Open Tickets 24.10.8
  • Centreon Open Tickets 24.04.7

Update instructions:

  1. Back up Open Ticket provider configurations
  2. Follow standard Centreon update procedures
  3. Verify version after update
  4. For HA deployments, follow Centreon HA update process

No workarounds exist. Update is mandatory.

Check for Compromise

Review logs for:

  • Unexpected file uploads to Open Tickets
  • Files created outside intended directories
  • Suspicious PHP, shell, or executable files in web directories
  • Unauthorized access to sensitive system paths

Check /var/www/html and other web-accessible directories for files that shouldn't exist.
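
One way to run the web-directory check above on a Linux Central Server, as an added example (not Centreon tooling and not part of the original advisory). The function name, the extension list and the cutoff argument are assumptions; /var/www/html is the path named above.

```shell
#!/bin/sh
# Added example: list files under a web-accessible directory that were
# modified after a cutoff AND are either script-like by extension or have
# the owner execute bit set.
#
# Usage:  sh scan.sh /var/www/html 202602010000
# Cutoff uses the "touch -t" format CCYYMMDDhhmm. Which date to use is the
# responder's decision (assumption: pick one before the earliest suspected
# activity, not simply the disclosure date).

suspicious_web_files() {
    webroot=$1
    cutoff=$2

    if [ ! -d "$webroot" ]; then
        echo "not a directory: $webroot" >&2
        return 2
    fi

    # find -newer compares against a file's mtime, so create a reference
    # file stamped with the cutoff.
    ref=$(mktemp) || return 2
    if ! touch -t "$cutoff" "$ref"; then
        rm -f "$ref"
        return 2
    fi

    # Extension list is an assumption; extend it for your environment.
    # -perm -100 matches any file whose owner execute bit is set.
    find "$webroot" -type f -newer "$ref" \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
           -o -iname '*.sh' -o -perm -100 \) -print | sort

    rm -f "$ref"
}

# Run the scan only when invoked with both arguments.
if [ "$#" -ge 2 ]; then
    suspicious_web_files "$1" "$2"
fi
```

Modification times can be reset by whoever wrote the file, so treat hits as leads to review against the packaged file set, and do not treat an empty result as proof the host is clean.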

Why This Matters

Centreon monitors critical infrastructure. Compromise of a Centreon server gives attackers:

  • Visibility into entire monitored network
  • Credentials for monitored systems
  • Ability to disable monitoring and hide attacks
  • Access to configuration and topology data

Monitoring systems are high-value targets for persistent access.

Bottom Line

CVE-2026-2749 is a critical path traversal vulnerability in Centreon Open Tickets. Authenticated users can write arbitrary files, leading to full system compromise.

Update to fixed versions immediately: 25.10.3, 24.10.8, or 24.04.7.

Check for indicators of compromise. Centreon servers are privileged targets that see your entire infrastructure.

Priority: Critical. Action: Patch today.