CERT Alerts Multiple Vulnerabilities in GLPI

The French CERT has announced that several vulnerabilities have been discovered in the GLPI asset-management software. Some of the flaws can lead to a breach of data integrity, allow remote indirect code injection (XSS), and enable attackers to bypass security policies.

The affected releases are GLPI 11.0.x versions earlier than 11.0.7 and all releases earlier than 10.0.25. The advisory lists multiple CVE identifiers (CVE-2026-40108, CVE-2026-42318, CVE-2026-42321, CVE-2026-5385) and references nine GitHub security advisories dated 1 June 2026.

Users are advised to consult the vendor's security bulletins for patch information and to upgrade to a supported version. Operators should apply the patches released by GLPI; the CERT directs affected organizations to download the updates from the GLPI security advisories linked in the alert. The update process involves replacing the vulnerable components and validating the configuration to ensure that the security controls are active.

The alert was issued on 2 June 2026 by the French Ministry of the Armed Forces and the National Agency for Information Systems Security.
