CVE-2026-42320 – GLPI vulnerable to arbitrary file access

CVE ID :CVE-2026-42320

Published : June 3, 2026, 4:16 p.m. | 16 minutes ago

Description :GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-6657 – CORS Origin Validation Bypass in jupyter-server

CVE-2026-44281 – GLPI vulnerable to unauthorized reading of a specific asset object

CVE-2026-42321 – GLPI has stored XSS in asset locks

CVE-2026-42318 – GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint