CVE-2026-26026
HIGH WAF: Medium
CVSS 7.2
Published: 2026-04-06
CWE-94
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution 933xxx - PHP Injection 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| glpi-project | glpi | 11.0.0 - 11.0.6 |
References
- github.com (Vendor Advisory)