Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 18, 2026

GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

CVE-2026-26001

Description

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.

Affected products

Glpi Project/Glpi Inventory Pluginllm-fuzzy
Range: <1.6.6
glpi-project/glpi-inventory-pluginv5
Range: < 1.6.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-gp4r-m42c-wvgxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000