CVE-2026-2749

Critical

Published: 27 February 2026

Modified: 23 March 2026
CVSS Score v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0046 (36.3th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-2749 is a critical-severity Path Traversal (CWE-22) vulnerability in Centreon Open Tickets. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-2749 is a path traversal vulnerability (CWE-22) in the Centreon Open Tickets modules on Centreon Central Server running on Linux. It affects all versions prior to 25.10.3, 24.10.8, and 24.04.7. Published on 2026-02-27, it carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), a critical rating that reflects high impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by an authenticated attacker with low privileges over the network, requiring low attack complexity and no user interaction. Exploitation enables high-impact outcomes, including unauthorized access to sensitive data, modification of system files, and disruption of services, amplified by a scope change that affects the broader system.

The official Centreon security bulletin at https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493 details the issue and recommends mitigation by upgrading to Centreon Open Tickets versions 25.10.3, 24.10.8, 24.04.7, or later.

Vulnerability details

Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: all versions before 25.10.3, 24.10.8, 24.04.7.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1083 File and Directory Discovery (Discovery): Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Path traversal (CWE-22) in the Centreon web module allows authenticated remote attackers to exploit a public-facing application (T1190), escalate privileges via the scope change (T1068), discover files and directories (T1083), and access data from the local system (T1005), including sensitive data and system files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-52452 (same product: Linux Linux Kernel)
CVE-2026-24208 (same product: Linux Linux Kernel)
CVE-2026-24209 (same product: Linux Linux Kernel)
CVE-2025-12382 (same product: Linux Linux Kernel)
CVE-2024-52363 (same product: Linux Linux Kernel)
CVE-2024-57943 (same product: Linux Linux Kernel)
CVE-2026-31589 (same product: Linux Linux Kernel)
CVE-2026-31705 (same product: Linux Linux Kernel)
CVE-2026-43039 (same product: Linux Linux Kernel)
CVE-2026-23235 (same product: Linux Linux Kernel)

Affected Assets

Vendor: centreon
Product: open tickets
Versions: ≤ 24.04.7 · 24.10.0 to 24.10.8 · 25.10.0 to 25.10.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the path traversal vulnerability by requiring timely remediation through patching to the vendor-recommended fixed versions.

prevent

Prevents exploitation of path traversal by enforcing validation of user inputs used in file path operations within the Centreon Open Tickets module.

prevent

Enforces logical access controls to block unauthorized file access and modifications enabled by the path traversal flaw despite low-privilege authentication.
