CVE-2026-13490 is an authorization bypass vulnerability in the Document Handler component of glpi-project glpi versions 11.0.5, 11.0.6, and 11.0.7. The vulnerability exists in the `Document::canViewFile` function within the `front/document.send.php` file. An attacker can exploit this vulnerability remotely, but the attack has high complexity and is difficult to exploit. The vendor, glpi-project, was conta [truncated]
CVE-2026-32312 is a medium-severity GLPI issue disclosed on 2026-05-19. In affected versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission could export the structure of forms they were not authorized to access. The issue is fixed in GLPI 11.0.7.