Critical severity9.1NVD Advisory· Published Apr 6, 2026· Updated Apr 7, 2026
CVE-2026-26026
CVE-2026-26026
Description
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*range: >=11.0.0,<11.0.6
- (no CPE)range: >=11.0.0, <11.0.6
Patches
Vulnerability mechanics
References
1- github.com/glpi-project/glpi/security/advisories/GHSA-2c98-648q-h27hnvdVendor Advisory
News mentions
0No linked articles in our index yet.