PatchSiren

glpi-project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM glpi-project CVE published 2026-06-28

CVE-2026-13490

CVE-2026-13490 is an authorization bypass vulnerability in the Document Handler component of glpi-project glpi versions 11.0.5, 11.0.6, and 11.0.7. The vulnerability exists in the `Document::canViewFile` function within the `front/document.send.php` file. An attacker can exploit this vulnerability remotely, but the attack has high complexity and is difficult to exploit. The vendor, glpi-project, was conta [truncated]

MEDIUM glpi-project CVE published 2026-05-19

CVE-2026-32312

CVE-2026-32312 is a medium-severity GLPI issue disclosed on 2026-05-19. In affected versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission could export the structure of forms they were not authorized to access. The issue is fixed in GLPI 11.0.7.