PT-2026-6181 · Glpi+1
Silhusk · Published 2026-02-04 · Updated 2026-03-19 · CVE-2026-23624
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GLPI versions 0.71 through 10.0.22
GLPI versions 0.71 through 11.0.4
Description
GLPI is an asset and IT management software package. When remote authentication is used with Single Sign-On (SSO) variables, a user can potentially gain access to another user's existing GLPI session on the same machine.
Recommendations
Update GLPI to version 10.0.23 or later.
Update GLPI to version 11.0.5 or later.
Exploit
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Glpi
Red Os