CVE-2026-22248
Received Received - Intake
Remote Code Execution via Unsafe File Upload in GLPI 11.0.x

Publication date: 2026-03-11

Last updated on: 2026-03-20

Assigner: GitHub, Inc.

Description
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22248
EUVD
EUVD-2026-11192
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
teclib-edition glpi From 11.0.0 (inc) to 11.0.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade the GLPI software to version 11.0.5 or later.

Executive Summary

CVE-2026-22248 is a high-severity remote code execution vulnerability in the GLPI software package versions 11.0.0 to before 11.0.5.

An authenticated technician user can upload a malicious file that triggers unsafe PHP instantiation due to improper deserialization of untrusted data.

This flaw allows the attacker to execute arbitrary code remotely on the affected system.

Impact Analysis

This vulnerability can lead to remote code execution, allowing an attacker with technician-level access to run arbitrary code on the system.

The impact includes full compromise of confidentiality, integrity, and availability of the affected system.

Because the attack vector is network-based and requires high privileges but no user interaction, it poses a significant risk in environments where GLPI is used.

Compliance Impact

I don't know

Detection Guidance

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22248. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart