Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Feb 5, 2026

GLPI is Vulnerable to SSRF via Webhooks

CVE-2026-22247

Description

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

Affected products

Glpi Project/Glpiv5
Range: >= 11.0.0, < 11.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/releases/tag/11.0.5mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5xmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000