Vulnerability Details CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-26027
-
cpe:2.3:a:glpi-project:glpi:11.0.0
-
cpe:2.3:a:glpi-project:glpi:11.0.1
-
cpe:2.3:a:glpi-project:glpi:11.0.2
-
cpe:2.3:a:glpi-project:glpi:11.0.3
-
cpe:2.3:a:glpi-project:glpi:11.0.4
-
cpe:2.3:a:glpi-project:glpi:11.0.5