Vulnerability Details CVE-2026-26263
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.7%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-26263
-
cpe:2.3:a:glpi-project:glpi:11.0.0
-
cpe:2.3:a:glpi-project:glpi:11.0.1
-
cpe:2.3:a:glpi-project:glpi:11.0.2
-
cpe:2.3:a:glpi-project:glpi:11.0.3
-
cpe:2.3:a:glpi-project:glpi:11.0.4
-
cpe:2.3:a:glpi-project:glpi:11.0.5