Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 18, 2026
GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
CVE-2026-26001
Description
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.6.6+ 1 more
- (no CPE)range: <1.6.6
- (no CPE)range: < 1.6.6
Patches
Vulnerability mechanics
References
1- github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-gp4r-m42c-wvgxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.