PT-2026-6105 · Glpi+1 · Glpi+1
Jpgjpgjpgjpg
·
Published
2026-02-04
·
Updated
2026-03-19
·
CVE-2026-22247
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GLPI versions 11.0.0 through 11.0.4
Description
A GLPI administrator can perform Server-Side Request Forgery (SSRF) requests through the Webhook feature. This allows an attacker to potentially make requests on behalf of the server, accessing internal resources or performing actions with the server's privileges.
Recommendations
Update to version 11.0.5 or later.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Glpi
Red Os