CVE-2026-22248

High CVSS: 8.0

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

Vendor

Teclib-edition

Product

Glpi

CWE

CWE-502

Yayın Tarihi

2026-03-11 16:16:24

Güncelleme

2026-03-20 14:29:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-502 Glpi HIGH Teclib-edition 2026

Referanslar

https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4

Benzer Kayıtlar

Medium

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malic…

Medium

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an auth…

Critical

CVE-2026-23489

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possi…