← Back

CVE-2026-22248

nvd nist
Published: Mar 11, 2026Modified: Mar 20, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

Affected (1)

Products: Teclib Edition: Glpi
Teclib Edition
1 product
Glpi
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Glpi
From 11.0.0 to 11.0.5

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.