
CVE-2026-2744

Published: Thu Feb 19 2026 (02/19/2026, 13:58:39 UTC)
Source: CVE Database V5
Vendor/Project: Centreon
Product: Centreon Infra Monitoring

AI-Powered Analysis

Last updated: 02/19/2026, 14:20:42 UTC

Technical Analysis

CVE-2026-2744 is a blind time-based SQL injection vulnerability in the Service Dependencies module of Centreon Infra Monitoring on Linux systems, affecting versions 24.04, 24.10, and 25.10. The application improperly sanitizes the keys of the select[] POST array parameter, allowing an authenticated user to inject arbitrary SQL commands. Because the injection is blind and time-based, the attacker infers database contents by measuring response delays, which enables full extraction of sensitive data from the backend database. Exploitation requires valid user credentials (authenticated access) but no additional user interaction.

The CVSS v3.1 score is 8.3, reflecting high severity: the flaw is exploitable over the network with low attack complexity and has a significant impact on the confidentiality and integrity of data. The vulnerability does not significantly affect availability but can lead to data leakage and unauthorized data manipulation. No public exploits are currently known, but the vulnerability is publicly disclosed and should be treated as a critical risk for affected organizations. Centreon Infra Monitoring is widely used for IT infrastructure monitoring, making this vulnerability particularly concerning for organizations relying on it for operational visibility and management.

Potential Impact

The primary impact of CVE-2026-2744 is the compromise of confidentiality and integrity of the monitored infrastructure's data. An attacker exploiting this vulnerability can extract sensitive information from the Centreon database, including configuration details, credentials, and monitoring data, which can be leveraged for further attacks or espionage. The integrity of the monitoring data can also be compromised, potentially misleading administrators about the state of their infrastructure. Although availability impact is low, the loss of trust in monitoring data can disrupt incident response and operational decision-making. Organizations worldwide using Centreon Infra Monitoring in critical environments such as telecommunications, finance, healthcare, and government sectors face increased risk of data breaches and operational disruption. The requirement for authentication limits the attack surface but does not eliminate risk, especially in environments with weak credential management or insider threats.

Mitigation Recommendations

To mitigate CVE-2026-2744, organizations should immediately apply any available patches or updates from Centreon addressing this vulnerability. If patches are not yet available, implement strict access controls to limit authenticated user privileges, ensuring only trusted personnel have access to the Service Dependencies page. Employ web application firewalls (WAFs) with custom rules to detect and block anomalous SQL injection patterns targeting the select[] POST parameter keys. Conduct thorough credential audits and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of compromised accounts. Regularly monitor logs for unusual query patterns or delays indicative of time-based SQL injection attempts. Additionally, consider network segmentation to isolate Centreon servers from less trusted networks. Finally, review and harden database permissions to minimize the impact of any successful injection attempts.
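An allow-list check for the select[] keys described above, usable as the basis for a WAF rule or a log review. This is an added example, not Centreon's code or part of the original analysis. It assumes legitimate keys are plain numeric row IDs; the record fields (`user`, `body`, `elapsed`), the sample data and the 3-second threshold are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate select[...] key is a numeric row ID, or empty
# (select[]=..., which the server indexes automatically).
SELECT_KEY = re.compile(r"^select\[(.*)\]$", re.DOTALL)
NUMERIC_ID = re.compile(r"[0-9]{0,10}")


def suspicious_select_keys(body: str) -> list[str]:
    """Return select[...] keys in a form-encoded body that are not numeric."""
    bad = []
    # parse_qsl percent-decodes field names, so encoded brackets are covered.
    for name, _value in parse_qsl(body, keep_blank_values=True):
        match = SELECT_KEY.match(name)
        if match and not NUMERIC_ID.fullmatch(match.group(1)):
            bad.append(match.group(1))
    return bad


def triage(records, slow_seconds=3.0):
    """Flag requests with non-numeric keys; mark the ones that were also slow.

    A slow response alongside a malformed key is the pattern a time-based
    injection attempt leaves behind. slow_seconds is an assumed threshold.
    """
    findings = []
    for rec in records:
        bad = suspicious_select_keys(rec["body"])
        if bad:
            findings.append((rec["user"], bad, rec["elapsed"] >= slow_seconds))
    return findings


# Constructed sample: POST bodies already filtered to the Service Dependencies
# page, with the authenticated user and response time in seconds.
SAMPLE = [
    {"user": "alice", "body": "select%5B12%5D=1&select%5B40%5D=1&action=x", "elapsed": 0.21},
    {"user": "bob", "body": "select%5B7%20constructed-non-numeric-suffix%5D=1", "elapsed": 5.4},
    {"user": "carol", "body": "select[3][x]=1", "elapsed": 0.3},
]

if __name__ == "__main__":
    for user, keys, slow in triage(SAMPLE):
        print(f"user={user} keys={keys!r} slow_response={slow}")
```

Because the check rejects anything that is not a number, it does not depend on recognising particular SQL syntax and is harder to bypass than a signature-based rule.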


Technical Details

Data Version: 5.2
Assigner Short Name: Centreon
Date Reserved: 2026-02-19T13:30:35.098Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699718e0b557332a80facb47

Added to database: 2/19/2026, 2:06:24 PM

Last enriched: 2/19/2026, 2:20:42 PM

Last updated: 2/20/2026, 10:55:06 PM
