CVE-2026-14453
This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product.
- CVSS base score ≥ 7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:HATT&CK techniques
4Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
CAPEC attack patterns
3Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.