=====================================================================
CERT-Renater Information Note No. 2026/VULN357
_____________________________________________________________________

DATE : 07/04/2026
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running GLPI versions prior to 11.0.6.
=====================================================================

https://github.com/glpi-project/glpi/security/advisories/GHSA-2c98-648q-h27h
https://github.com/glpi-project/glpi/security/advisories/GHSA-3m49-qf92-vccr
https://github.com/glpi-project/glpi/security/advisories/GHSA-chch-wcm9-f9cp
https://github.com/glpi-project/glpi/security/advisories/GHSA-346p-qj3v-9rxj
https://github.com/glpi-project/glpi/security/advisories/GHSA-m627-945g-x7xh
_____________________________________________________________________

Server-Side Template Injection
Severity: Critical
trasher published GHSA-2c98-648q-h27h on Apr 3, 2026

Package: glpi (glpi)
Affected versions: >= 11.0.0
Patched versions: 11.0.6

Description
Impact: Template injection by an administrator leads to RCE.
Patches: Upgrade to 11.0.6.
For more information: If you have any questions or comments about this
advisory, mail us at glpi-security@ow2.org.

Severity: Critical, 9.1 / 10
CVSS v3 base metrics:
  Attack vector:       Network
  Attack complexity:   Low
  Privileges required: High
  User interaction:    None
  Scope:               Changed
  Confidentiality:     High
  Integrity:           High
  Availability:        High
  Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE ID: CVE-2026-26026
Weaknesses: CWE-94, CWE-1336
Credits: @BZHunt (BZHunt), Analyst
_____________________________________________________________________

Authenticated SQL Injection via log exports
Severity: High
trasher published GHSA-3m49-qf92-vccr on Apr 3, 2026

Package: glpi (glpi)
Affected versions: >= 10.0.0
Patched versions: 10.0.24, 11.0.6

Description
Impact: An authenticated user can perform a SQL injection via the logs
export feature.
Patches: Upgrade to 10.0.24 or 11.0.6.
For more information: If you have any questions or comments about this
advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.2 / 10
CVSS v3 base metrics:
  Attack vector:       Network
  Attack complexity:   Low
  Privileges required: High
  User interaction:    None
  Scope:               Unchanged
  Confidentiality:     High
  Integrity:           High
  Availability:        High
  Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-29047
Weaknesses: CWE-89
Credits: @UncleJ4ck (UncleJ4ck), Reporter; @Shakun8 (Shakun8), Reporter
_____________________________________________________________________

Unauthenticated Stored XSS via inventory
Severity: High
trasher published GHSA-chch-wcm9-f9cp on Apr 3, 2026

Package: glpi (glpi)
Affected versions: >= 11.0.0
Patched versions: 11.0.6

Description
Impact: An unauthenticated user can store an XSS payload through the
inventory endpoint.
Patches: Upgrade to 11.0.6.
For more information: If you have any questions or comments about this
advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.5 / 10
CVSS v3 base metrics:
  Attack vector:       Network
  Attack complexity:   High
  Privileges required: None
  User interaction:    Required
  Scope:               Unchanged
  Confidentiality:     High
  Integrity:           High
  Availability:        High
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-26027
Weaknesses: CWE-79, CWE-116, CWE-306
Credits: @BZHunt (BZHunt), Reporter
_____________________________________________________________________

Unauthenticated SQL Injection via Search engine
Severity: High
trasher published GHSA-346p-qj3v-9rxj on Apr 3, 2026

Package: glpi (glpi)
Affected versions: >= 11.0.0
Patched versions: 11.0.6

Description
Impact: An unauthenticated time-based blind SQL injection exists in
GLPI's Search engine.
Patches: Upgrade to 11.0.6.
Workaround: Disable anonymous access to the FAQ so that this security
vulnerability can only be exploited by an authenticated user.
For more information: If you have any questions or comments about this
advisory, mail us at glpi-security@ow2.org.

Severity: High, 8.1 / 10
CVSS v3 base metrics:
  Attack vector:       Network
  Attack complexity:   High
  Privileges required: None
  User interaction:    None
  Scope:               Unchanged
  Confidentiality:     High
  Integrity:           High
  Availability:        High
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-26263
Weaknesses: CWE-89
Credits: @BZHunt (BZHunt), Reporter; @aarjubh (aarjubh), Reporter
_____________________________________________________________________

Stored XSS in Supplier
Severity: High
trasher published GHSA-m627-945g-x7xh on Apr 3, 2026

Package: glpi (glpi)
Affected versions: >= 0.60, < 11.0.0
Patched versions: 10.0.24

Description
Impact: An authenticated technician user can store an XSS payload in
supplier fields.
Patches: Upgrade to 10.0.24.
For more information: If you have any questions or comments about this
advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.2 / 10
CVSS v3 base metrics:
  Attack vector:       Network
  Attack complexity:   Low
  Privileges required: High
  User interaction:    None
  Scope:               Unchanged
  Confidentiality:     High
  Integrity:           High
  Availability:        High
  Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-25932
Weaknesses: CWE-116
Credits: @varandaa (varandaa), Reporter

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr  +
=========================================================