France’s national cybersecurity agency has identified multiple vulnerabilities in the GLPI software. The flaws allow attackers to execute arbitrary code remotely, perform cross‑site scripting (XSS), and inject SQL statements. Affected versions include GLPI 11.0.x earlier than 11.0.6 and all releases older than 10.0.24. The agency advises users to consult the GLPI security advisories linked in its bulletin for patches and detailed remediation steps. The advisory lists five CVE identifiers: CVE‑2026‑25932, CVE‑2026‑26026, CVE‑2026‑26027, CVE‑2026‑26263, and CVE‑2026‑29047. Administrators should update to the latest GLPI release or apply the vendor‑issued fixes promptly to mitigate the risks. Users should also verify that other components integrated with GLPI, such as plugins and database configurations, are not vulnerable.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.