PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11321 pluginsGLPI CVE debrief

The DataInjection plugin for GLPI 2.15.6 is vulnerable to authenticated SQL injection. During CSV import, user-supplied CSV field values are concatenated directly into SQL queries without parameterization or escaping. An authenticated user with access to the Data injection feature can embed SQL expressions, such as SLEEP(), in a mapped field (e.g., Serial Number) to manipulate the generated query and extract database information via time-based blind injection.

Vendor
pluginsGLPI
Product
datainjection
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

GLPI users who have the DataInjection plugin installed, particularly those using version 2.15.6, should be aware of this vulnerability. System administrators and security teams responsible for GLPI instances with the DataInjection plugin should prioritize patching and monitoring.

Technical summary

The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) is susceptible to authenticated SQL injection during CSV import. User-supplied CSV field values are directly concatenated into SQL queries without proper parameterization or escaping. This allows an authenticated user with access to the Data injection feature to inject SQL expressions, such as SLEEP(), into mapped fields (e.g., Serial Number) to manipulate the query and extract database information through time-based blind injection.

Defensive priority

High priority should be given to patching GLPI instances with the DataInjection plugin, especially those exposed to the internet or used by multiple users. Implement compensating controls, such as monitoring for suspicious database queries or anomalies in user behavior.

Recommended defensive actions

  • Apply the patch from version 2.15.7 or later
  • Restrict access to the Data injection feature to trusted users
  • Monitor for suspicious database queries or anomalies in user behavior
  • Perform regular security audits and vulnerability assessments
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-10T20:16:45.453Z and has not been modified since then. The NVD entry is currently Received. Limited information is available about the affected scope and vendor remediation efforts.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T20:16:45.453Z and has not been modified since then. The NVD entry is currently Received.