Multiple security vulnerabilities have been identified in GLPI, affecting versions 11.0.x prior to 11.0.5 and versions between 0.71 and 10.0.23. The flaws could allow attackers to compromise data confidentiality, bypass security policies, and execute server-side request forgery (SSRF) and SQL injection (SQLi) attacks. Affected systems are advised to apply patches available in the GLPI security bulletins published on February 4, 2026. The advisories, including CVE references CVE-2026-22044, CVE-2026-22247, and CVE-2026-23624, provide detailed remediation guidance. Users are urged to review the official documentation for specific correction procedures.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0117/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.