VYPR
Unrated severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026

GLPI affected by Remote Code Execution via malicious upload

CVE-2026-22248

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    >=11.0.0, <11.0.5+ 1 more
    • (no CPE)range: >=11.0.0, <11.0.5
    • (no CPE)range: >= 11.0.0, < 11.0.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.