Home

Description

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.

PUBLISHED Reserved 2026-03-11 | Published 2026-05-18 | Updated 2026-05-19 | Assigner GitHub_M




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

>= 11.0.0, < 11.0.7
affected

References

github.com/...t/glpi/security/advisories/GHSA-cg63-qchq-q626

github.com/glpi-project/glpi/releases/tag/11.0.7

cve.org (CVE-2026-32312)

nvd.nist.gov (CVE-2026-32312)

Download JSON