PT-2026-24698 · Glpi+1

R1Beirin · Published 2026-03-11 · Updated 2026-03-20 · CVE-2026-22248

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
GLPI versions 11.0.0 through 11.0.4

Description
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation.

Recommendations
Update GLPI to version 11.0.5 or later.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2026-05700
CVE-2026-22248
GHSA-C9Q3-MCXQ-9VR4

Affected Products

Glpi
Red Os