CVE-2026-25937

Medium CVSS: 6.5

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.

Vendor

Teclib-edition

Product

Glpi

CWE

CWE-287

Yayın Tarihi

2026-03-18 00:16:18

Güncelleme

2026-03-23 18:16:40

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Glpi MEDIUM Teclib-edition 2026

Referanslar

https://github.com/glpi-project/glpi/security/advisories/GHSA-2g3p-vwp2-7qxm

Benzer Kayıtlar

Medium

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an auth…

Critical

CVE-2026-23489

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possi…

High

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses track…