cvedb.io
CVE-2026-26001
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2026-03-18T00:16:18.770 · Last modified 2026-06-17T10:25:34.560

Summary

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.

Affected products

glpi-project — glpi_inventory

Does this affect you?

Add your gear to cvedb and we'll alert you only when glpi-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.