
GLPI EUVD-2026-34096

CVE-2026-42320, MEDIUM
Weakness: Missing Authorization (CWE-862)
Published: 2026-06-03, source GitHub_M
Score: 5.9 (CVSS 4.0, GitHub Advisory)

Severity by source

GitHub Advisory (PRIMARY): 5.9 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory; it is the only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: X (not defined; CVSS 4.0 has no Scope metric)

Lifecycle Timeline

  • Analysis Generated: Jun 03, 2026 18:33 (vuln.today)
  • Patch available: Jun 03, 2026 17:01 (EUVD)
  • CVSS changed: Jun 03, 2026 16:22 (NVD), 5.9 (MEDIUM)
  • CVE Published: Jun 03, 2026 15:23 (nvd), UNKNOWN (no severity yet)

Description (GitHub Advisory)

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

Analysis (AI generated)

Arbitrary file read within GLPI_DOC_DIR is exploitable by authenticated technicians in GLPI versions 0.50 through 10.0.24 and 11.0.0 through 11.0.6, stemming from missing authorization controls (CWE-862) on document directory access. An attacker holding a technician-level account can read any file stored under the GLPI_DOC_DIR path without appropriate privilege checks, exposing potentially sensitive documents, attachments, or internal data. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: Obtain GLPI technician credentials
  • Delivery: Authenticate to target GLPI instance
  • Exploit: Craft file read request targeting GLPI_DOC_DIR path
  • Execution: Bypass missing authorization check
  • Persist: Read arbitrary files from document directory
  • Impact: Exfiltrate sensitive data

Vulnerability Assessment (AI generated)

Exploitation: Exploitation requires an authenticated GLPI account with at minimum technician-level privileges, as confirmed by the CVSS 4.0 PR:H metric. …
Risk Assessment: The CVSS 4.0 score of 5.9 (Medium) reflects meaningful constraints on exploitability: PR:H requires the attacker to already hold a high-privilege technician account, and AC:H indicates elevated attack complexity, suggesting the file read mechanism is not trivially triggered. …
Exploit Scenario: An attacker with a valid GLPI technician account (obtained through credential theft, phishing, or abuse of an insider account) sends a crafted request to the document retrieval mechanism, specifying a file path within GLPI_DOC_DIR that the technician would not normally be authorized to access. Because the authorization check is absent (CWE-862), the server returns the file contents directly, allowing the attacker to read sensitive documents stored in the directory. …
Remediation: Upgrade to GLPI 10.0.25 or GLPI 11.0.7; both versions contain the vendor-released patch addressing this authorization gap, as confirmed by the GitHub security advisory GHSA-58j6-94cf-gcx5. …



EUVD-2026-34096 vulnerability details – vuln.today
