CVE-2026-26027

High CVSS: 7.5

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.

Vendor

Glpi-project

Product

Glpi

CWE

CWE-79

Yayın Tarihi

2026-04-06 15:17:07

Güncelleme

2026-04-07 16:02:54

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Glpi HIGH Glpi-project 2026

Referanslar

https://github.com/glpi-project/glpi/security/advisories/GHSA-chch-wcm9-f9cp

Benzer Kayıtlar

Critical

CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administ…

High

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based bli…

High

CVE-2026-29047

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user…

High

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user c…

High

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…

Medium

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents…