Vulnerabilities ›

CVE-2026-26026

Critical

CWE-94 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 13, 2026                      ·  Source: NVD                

CVSS v3

9.1

🔗 NVD Official

📄 Description (English)

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.

🤖 AI Executive Summary

GLPI versions 11.0.0 through 11.0.5 contain a template injection vulnerability allowing authenticated administrators to execute arbitrary code on the server. This critical flaw enables complete system compromise through malicious template manipulation.

📄 Description (Arabic)

ثغرة حقن القوالب في GLPI تسمح للمسؤولين المصرح لهم بتنفيذ أكواد تعسفية على الخادم من خلال معالجة القوالب غير الآمنة. تؤثر الثغرة على الإصدارات من 11.0.0 إلى 11.0.5 وتم إصلاحها في الإصدار 11.0.6.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Apr 13, 2026 01:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom healthcare energy

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1190

⚖️ Saudi Risk Score (AI)

9.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade GLPI to version 11.0.6 or later. Restrict administrative access to trusted personnel only. Implement network segmentation to limit admin panel access. Monitor template modifications and audit administrative activities. Apply principle of least privilege for admin accounts.

🔧 خطوات المعالجة (العربية)

قم بترقية GLPI إلى الإصدار 11.0.6 أو أحدث فوراً. قيّد الوصول الإداري للموظفين الموثوقين فقط. طبّق تقسيم الشبكة لتحديد الوصول إلى لوحة المسؤول. راقب تعديلات القوالب وتدقيق الأنشطة الإدارية. طبّق مبدأ أقل صلاحية للحسابات الإدارية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

CC-6.1 CC-6.2 CC-7.2

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://github.com/glpi-project/glpi/security/advisories/GHSA-2c98-648q-h27h

security-advisories@github.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

glpi-project:glpi

📊 CVSS Score

9.1

/ 10.0 — Critical

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Critical

CVSS Score9.1

CWECWE-94

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

9.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-94

🏢 Vendor Advisories

🔗 https://github.com/glpi-project/glpi/security/adviso...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-26026

Introduce Yourself

Sign In Required