CVE-2026-2751 is a Blind SQL Injection vulnerability discovered in the Service Dependencies deletion module of Centreon Web on Central Server, a widely used IT infrastructure monitoring solution deployed on Linux servers. The vulnerability stems from unsanitized array keys in the deletion process, which allows an attacker with low privileges to inject arbitrary SQL commands into the backend database. Because the injection is blind, attackers cannot directly see query results but can infer data through timing or behavioral differences. The vulnerability affects all supported versions of Centreon Web, indicating a systemic issue in input validation within the affected module. The CVSS 3.1 base score of 8.3 reflects its high severity, with an attack vector of network (remote exploitation), low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity substantially, with limited availability impact. The flaw could enable attackers to extract sensitive monitoring data, manipulate service dependencies, or escalate privileges by corrupting database records. Although no public exploits are known yet, the vulnerability's nature and the critical role of Centreon in monitoring IT environments make it a significant security concern. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by organizations using this software.

The impact of CVE-2026-2751 is substantial for organizations relying on Centreon Web for IT infrastructure monitoring and management. Successful exploitation can lead to unauthorized disclosure of sensitive monitoring data, including system statuses, network configurations, and potentially credentials stored within the database. Integrity of the monitoring data can be compromised, allowing attackers to alter service dependencies and potentially mask malicious activities or cause false alerts. Although availability impact is limited, the loss of data integrity and confidentiality can severely disrupt incident response and operational awareness. This can lead to prolonged undetected breaches, compliance violations, and damage to organizational reputation. Given Centreon's deployment in critical infrastructure sectors such as telecommunications, finance, and government, the vulnerability poses a risk of targeted attacks aiming to undermine operational stability and security monitoring capabilities.

To mitigate CVE-2026-2751, organizations should immediately restrict access to Centreon Web Central Server interfaces to trusted administrators and networks, minimizing exposure. Implement strict input validation and sanitization on all user-supplied data, especially array keys in Service Dependencies modules, to prevent injection attacks. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting Centreon endpoints. Monitor logs for unusual database query patterns or failed deletion attempts that may indicate exploitation attempts. Segregate Centreon database access with least privilege principles, ensuring that the web application account has minimal rights to reduce potential damage. Stay alert for official patches or updates from Centreon and apply them promptly once released. Additionally, conduct regular security assessments and penetration tests focusing on web application vulnerabilities to detect similar issues proactively.