High severity8.1NVD Advisory· Published Apr 6, 2026· Updated Apr 7, 2026
CVE-2026-26263
CVE-2026-26263
Description
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*range: >=11.0.0,<11.0.6
- (no CPE)range: >=11.0.0, <11.0.6
Patches
Vulnerability mechanics
References
1- github.com/glpi-project/glpi/security/advisories/GHSA-346p-qj3v-9rxjnvdVendor Advisory
News mentions
0No linked articles in our index yet.