Glpi

glpi

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-25937 1Teclib Edition 1Glpi Mar 23, 2026 Mar 18, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11...Show more GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.Show less
CVE-2026-25936 1Teclib Edition 1Glpi Mar 19, 2026 Mar 17, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.
CVE-2026-22248 1Teclib Edition 1Glpi Mar 20, 2026 Mar 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload...Show more GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.Show less