Compliance Impact

The vulnerability allows remote code execution by an administrator through template injection, leading to high impact on confidentiality, integrity, and availability. This can result in unauthorized data access, modification, and service disruption.

Such severe impacts on data confidentiality and integrity could negatively affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Mitigating this vulnerability by upgrading to GLPI version 11.0.6 or later is essential to maintain compliance and reduce risk.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-26026 is a critical Server-Side Template Injection (SSTI) vulnerability in the GLPI software package versions 11.0.0 to before 11.0.6. It occurs because the template engine improperly handles externally-influenced input, allowing an administrator to inject malicious template code.

This injection leads to remote code execution (RCE), meaning an attacker with administrator privileges can execute arbitrary code on the server remotely without any user interaction.

The vulnerability is caused by two main weaknesses: improper control of code generation (CWE-94) and improper neutralization of special elements in the template engine (CWE-1336).

The issue is fixed in GLPI version 11.0.6.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized access, modification, and disruption of your system.

• Remote Code Execution (RCE) allows an attacker with administrator privileges to run arbitrary code on the server.
• Confidentiality impact is high, meaning sensitive data could be accessed without authorization.
• Integrity impact is high, allowing attackers to modify data or system behavior.
• Availability impact is high, potentially causing service disruption or denial of service.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves Server-Side Template Injection (SSTI) in GLPI versions 11.0.0 to before 11.0.6, exploitable by an administrator through malicious template code injection leading to remote code execution.

Detection typically requires verifying the GLPI version in use and monitoring for suspicious template modifications or unexpected code execution patterns.

Since exploitation requires administrator privileges and involves template injection, commands to check the GLPI version and audit template files or logs may help detect potential exploitation.

• Check GLPI version via the web interface or by running: `php bin/console glpi:version` (if available).
• Review recent changes to template files or configurations for unexpected modifications.
• Monitor web server logs for unusual requests or errors related to template rendering.
• Use network monitoring tools to detect suspicious remote exploitation attempts targeting GLPI.

Useful 0 Not Useful 0

Mitigation Strategies

The primary and recommended mitigation is to upgrade GLPI to version 11.0.6 or later, where this Server-Side Template Injection vulnerability has been fixed.

Since the vulnerability requires administrator privileges to exploit, restricting and auditing administrator access can reduce risk.

• Upgrade GLPI to version 11.0.6 or newer immediately.
• Limit administrator privileges to trusted users only.
• Audit and monitor template changes and administrator activities.
• Apply network-level protections such as firewalls and intrusion detection systems to detect and block exploitation attempts.

Useful 0 Not Useful 0