CVE-2026-42317
GLPI vulnerable to arbitrary files deletion by technician
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
18th
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch.
| CWE | CWE-862 |
| Vendor | glpi-project |
| Product | glpi |
| Published | Jun 3, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for glpi-project glpi
Be the first to know when new unknown vulnerabilities affecting glpi-project glpi are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
glpi-project / glpi
>= 11.0.0, < 11.0.7 >= 0.78, < 10.0.25