Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Glpi Project
Glpi

glpi-project glpi Vulnerabilities: CVEs, CISA KEV & Security Advisories

203 CVEs

1 in CISA KEV

glpi-project glpi Vulnerabilities

CVE security advisories and vulnerability history for glpi by glpi-project.

203

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

21

Public exploits

With known exploit

6.7

Avg CVSS

2011–2026

Last updated June 3, 2026

Overview

glpi-project glpi has 203 published CVE records since 2011, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 21 have a known public exploit. The average CVSS base score across scored CVEs is 6.7.

This page aggregates every publicly disclosed vulnerability (CVE) affecting glpi-project glpi, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include Linux, MacOS, Windows.

Severity and exploitation

How the CVSS severity of glpi-project glpi's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical10

High60

Medium89

Low7

37 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of glpi-project glpi's CVEs is confirmed exploited in the wild.

Public exploits

21

21 of glpi-project glpi's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every glpi-project glpi version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

Fixed in

08ee4d266768dc1f76cb6c716d7fd118d39676d916 CVEs
10.0.1716 CVEs
10.0.411 CVEs
7a9752f4d66351268cb25908f2bb2b94fbc0608c11 CVEs
0c860f018f5bd0f08b87d217a376304e62a5ba5810 CVEs
10.0.1010 CVEs
10.0.189 CVEs
9389461d8a207bdcdf4f50f9db9fc8acdf6c7bbf9 CVEs
cacbc037d59a7617ae19f13dc679ce72f7924db29 CVEs
10.0.198 CVEs
10.0.78 CVEs
59a0a0b6101fcd54b00bfc6a61d4e707513c08c98 CVEs

Find a version

203 CVEs

Sort

GLPI has stored XSS in asset locks
CVE-2026-42321CWE-116
High · CVSS 8.4
EPSS 0.0% (14th pct)2026-06-03
GLPI vulnerable to arbitrary file access
CVE-2026-42320CWE-862
Medium · CVSS 5.9
EPSS 0.0% (11th pct)2026-06-03
GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint
CVE-2026-42318CWE-862
High · CVSS 7.0
EPSS 0.0% (11th pct)2026-06-03
GLPI vulnerable to arbitrary files deletion by technician
CVE-2026-42317CWE-862
High · CVSS 7.0
EPSS 0.1% (18th pct)2026-06-03
GLPI vulnerable to unauthorized reading of a specific asset object
CVE-2026-44281CWE-862
High · CVSS 7.0
EPSS 0.0% (11th pct)2026-06-03
GLPI Vulnerable to Stored XSS in ITIL Costs
CVE-2026-40108CWE-79
High · CVSS 7.1
EPSS 0.0% (14th pct)2026-06-02
GLPI 11.0.0 - Stored XSS in knowledge base
CVE-2026-5385
Public exploit
Patch
CWE-79
High · CVSS 8.4
EPSS 0.1% (23th pct)2026-06-02
GLPI: Unauthorized export of form structure
CVE-2026-32312
Patch
CWE-862
Medium · CVSS 5.1
EPSS 0.0% (10th pct)2026-05-18
GLPI has an Authenticated SQL Injection via log exports
CVE-2026-29047
Patch
CWE-89
High · CVSS 7.2
EPSS 0.0% (2th pct)2026-04-06
GLPI has an Unauthenticated SQL Injection via Search engine
CVE-2026-26263
Patch
CWE-89
High · CVSS 8.1
EPSS 0.0% (13th pct)2026-04-06
GLPI has an Unauthenticated Stored XSS via inventory
CVE-2026-26027
Patch
CWE-116
High · CVSS 7.5
EPSS 0.1% (21th pct)2026-04-06
GLPI has a Server-Side Template Injection via Double-Compilation
CVE-2026-26026
Patch
CWE-1336
Critical · CVSS 9.1
EPSS 0.1% (20th pct)2026-04-06
GLPI has Stored XSS in Supplier 'Website' field
CVE-2026-25932
Patch
CWE-116
High · CVSS 7.2
EPSS 0.0% (2th pct)2026-04-06
GLPI has a MFA bypass
CVE-2026-25937
Patch
CWE-287
Medium · CVSS 6.5
EPSS 0.0% (3th pct)2026-03-17
GLPI Vulnerable to Authenticated SQL Injection
CVE-2026-25936
Patch
CWE-89
Medium · CVSS 6.5
EPSS 0.1% (16th pct)2026-03-17
GLPI affected by Remote Code Execution via malicious upload
CVE-2026-22248
Patch
CWE-502
High · CVSS 8.1
EPSS 0.3% (50th pct)2026-03-11
GLPI is Vulnerable to Authenticated SQL Injection
CVE-2026-22044
Patch
CWE-89
Medium · CVSS 6.5
EPSS 0.1% (16th pct)2026-02-04
GLPI is vulnerable to session stealing on externally authenticated user change
CVE-2026-23624
Patch
CWE-384
Medium · CVSS 4.3
EPSS 0.1% (35th pct)2026-02-04
GLPI is Vulnerable to SSRF via Webhooks
CVE-2026-22247
Patch
CWE-918
Medium · CVSS 4.1
EPSS 0.0% (4th pct)2026-02-04
GLPI has an unauthenticated SQL injection through the inventory endpoint
CVE-2025-66417
Patch
CWE-89
High · CVSS 7.5
EPSS 0.1% (17th pct)2026-01-15
GLPI incorrectly authorizes access to documents
CVE-2025-64516
Patch
CWE-639
High · CVSS 7.5
EPSS 0.0% (14th pct)2026-01-15
GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint
CVE-2023-53943
Public exploit
CWE-203
Medium · CVSS 6.9
EPSS 0.1% (16th pct)2025-12-18
GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API
CVE-2025-64520
Patch
CWE-862
Medium · CVSS 6.5
EPSS 0.0% (12th pct)2025-12-16
GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page
CVE-2025-59935
Patch
CWE-79
Medium · CVSS 6.5
EPSS 0.1% (22th pct)2025-12-16
GLPI permits unauthorized rules execution order
CVE-2025-53105
Patch
CWE-269
High · CVSS 7.5
EPSS 0.1% (32th pct)2025-08-27
GLPI permits reservation modification by unauthorized users
CVE-2025-53357
Patch
CWE-639
Medium · CVSS 5.4
EPSS 0.2% (38th pct)2025-07-30
GLPI technicians can access unauthorized information through external links
CVE-2025-53113
Patch
CWE-284
Low · CVSS 2.7
EPSS 0.2% (42th pct)2025-07-30
GLPI's incomprehensive permission checks can lead to data removal from allowed users
CVE-2025-53112
Patch
CWE-284
Medium · CVSS 4.3
EPSS 0.2% (39th pct)2025-07-30
GLPI exposes data to non-allowed users
CVE-2025-53111
Patch
CWE-284
Medium · CVSS 6.5
EPSS 0.2% (47th pct)2025-07-30
GLPI's MailCollector Receiver is vulnerable to credential exfiltration
CVE-2025-53008
Patch
CWE-522
Medium · CVSS 6.5
EPSS 0.2% (42th pct)2025-07-30

Showing 30 of 203

Common weakness types

The CWE weakness categories most often found in glpi-project glpi CVEs. Follow any weakness for its full explanation.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')42 CVEs
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')33 CVEs
CWE-284Improper Access Control12 CVEs
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10 CVEs
CWE-862Missing Authorization10 CVEs
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')6 CVEs
CWE-269Improper Privilege Management6 CVEs
CWE-918Server-Side Request Forgery (SSRF)6 CVEs

Disclosure activity by year

How many glpi-project glpi CVEs were published each year.

2014

3

2015

4

2017

8

2018

3

2019

10

2020

18

2021

14

2022

29

2023

35

2024

32

2025

21

2026

21

Other glpi-project products

Browse vulnerabilities for other products by glpi-project.

glpi-inventory-plugin7 CVEs glpi inventory4 CVEs glpi agent3 CVEs glpi-agent3 CVEs activity1 CVEs barcode1 CVEs cmdb1 CVEs dashboard1 CVEs

All glpi-project vulnerabilities

Frequently asked questions

Common questions about glpi-project glpi vulnerabilities.

How many CVEs does glpi-project glpi have?

glpi-project glpi has 203 published CVE records since 2011.

How many glpi-project glpi CVEs are in CISA KEV?

Yes — 1 of glpi-project glpi's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Are there public exploits for glpi-project glpi vulnerabilities?

Yes — 21 of glpi-project glpi's CVEs have a known public exploit.

Which versions of glpi-project glpi are affected?

220 distinct glpi-project glpi versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in glpi-project glpi CVEs?

glpi-project glpi's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-284 (Improper Access Control), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

How many critical glpi-project glpi vulnerabilities are there?

glpi-project glpi has 10 critical and 60 high-severity CVEs.

What is the average severity of glpi-project glpi CVEs?

The average CVSS base score across glpi-project glpi's scored CVEs is 6.7.

References

All glpi-project vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track glpi-project glpi vulnerabilities

Monitor new glpi-project glpi vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References

9.5.4

8 CVEs

10.0.87 CVEs

61ac6ca473074bf8b6681f10211cd6cfff02e9667 CVEs

7fbee4f15b37c98f6f2078bd10634ef02b5edc257 CVEs

9.4.67 CVEs

9.5.137 CVEs

bce21331d50a020cd0928178a68fe4aac2cc50b47 CVEs

10.0.136 CVEs

10.0.36 CVEs

10.0.66 CVEs

5db9ca9f678989560bcc7b46d4a89c241f25af016 CVEs

ba1f4be9d43f7ec193ef3401f11cc79efc24ca566 CVEs

d110d2b6976208ca2cac0747cab92781b45475a76 CVEs

e2d0f893191952f35c6b1a6013418308e3e1dbc26 CVEs

677b4b87af935e23b4aa95c4eff07c1bd87ce8ab5 CVEs

9.5.25 CVEs

10.0.164 CVEs

11.0.64 CVEs

54502568d9d79c8695266e587a182dd85cf76f774 CVEs

683393a84eeff1e165fa0f9f31067cc9add09b704 CVEs

815997021a5df4feb7077a12f6f52769e9bd34594 CVEs

9.5.124 CVEs

9.5.64 CVEs

10.0.113 CVEs

10.0.23 CVEs

10.0.213 CVEs

10873706f388795a1d0d72a028eb4ceba36f71693 CVEs

2328a4e76edc3d7dd999ee565edac7670ed00a443 CVEs

54b199dadf73ff97a835a7a3b09a956d9df19b8c3 CVEs

8b075d544b3e4c28f8ba51ce8dd10e57be9241723 CVEs

9.5.33 CVEs

c7dc27d600e2788acfdf695c03b50a825a3617913 CVEs

04594c95eb55611fea80af048d769d52ae14248b2 CVEs

10.0.02 CVEs

10.0.122 CVEs

10.0.152 CVEs

10.0.232 CVEs

10.0.242 CVEs

11.0.32 CVEs

11.0.52 CVEs

11.0.72 CVEs

213e6a5d33274cded09f50f395655951ae783b8a2 CVEs

3b860b94fd55dc5a6dbd1c18009adff26a14662f2 CVEs

4f7279aeec029817ebe9a209dfeec49d6c9ca11c2 CVEs

801d25b5e8249e951fb47dc8c42b5e7863ab1e342 CVEs

9.5.72 CVEs

a88bef96c03a0713f53916651bb166eb1cba78282 CVEs

a9d1277b66cd614c656faf3fd6944456ee316c552 CVEs

aade65b7f67d46f23d276a8acb0df70651c3b1dc2 CVEs

c6141a2ae3d248ddc979f15d691fb4eec3f75edc2 CVEs

e9b16bc8e9b61ebb2d35b96b9c71cd25c5af9e482 CVEs

f4258ac0a069c25cb10b2603cb460543b5efcd542 CVEs

f64caeedbeda1010cfd8142d5fa0125e115681292 CVEs

> 10.0.121 CVE

081338b2fa3a98eacb6f7ca380714f34ec0266ff1 CVE

10.0.91 CVE

39e25591efddc560e3679ab07e443ee6198705e21 CVE

3dc4475c56b241ad659cc5c7cb5fb65727409cf01 CVE

48381dbb715dc0b92ffd789604b9cb2fd695e5b51 CVE

527280358ec78988ac57e9809d2eb21fcd74caf71 CVE

5c3eee696b503fdf502f506b00d15cf5b324b3261 CVE

5da9f99b2d81713b1e36016b47ce656a33648bc71 CVE

5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf1 CVE

684d4fc423652ec7dde21cac4d41c2df53f56b3c1 CVE

6ca9a0e77299a755c356d758344a23278df67f651 CVE

78dd4cd1e0019b09f50a8296b93123f1d4c08ab91 CVE

7c8f83b6fa7d61763dae384c0320ebba194266d71 CVE

86a43ae47b3dd844947f40a2ffcf1a36e53dbba61 CVE

8e621f6ce937eea6b7f1412a65c6dd74af1887061 CVE

9.4.11 CVE

9.4.1.11 CVE

9.4.31 CVE

9.5.01 CVE

9.5.11 CVE

9.5.81 CVE

9fa6de558a9987561b80afd57a796a3fa19deee61 CVE

a3d5cc4a63ae592c0b5592ebe6d562164904dab31 CVE

a4baa64114eb92fd2adf6056a36e0582324414ba1 CVE

a8109d4ee970a222faf48cf48fae2d2f064657961 CVE

ad748d59c94da177a3ed25111c453902396f320c1 CVE

b094bc0c617761d6e7eee900950f24cea658d5601 CVE

c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb1 CVE

e7802fc051696de1f76108ea8dc3bd4e2c880f151 CVE

efd14468c92c4da43333aa9735e65fd20cbc7c6c1 CVE

f021f1f365b4acea5066d3e57c6d22658cf325751 CVE

f1ae6c8481e5c19a6f1801a5548cada45702e01a1 CVE