CVE-2026-40108
Status: Deferred - Pending Action
Stored XSS in GLPI ITIL Costs

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in an ITIL cost entry. This issue has been fixed in version 11.0.7.
Meta Information
Generated: 2026-06-23
AI Q&A: 2026-06-03
EPSS Evaluated: 2026-06-22
Affected Vendors & Products
2 associated CPEs

Vendor   Product   Version / Range
glpi     glpi      up to and including 11.0.6
glpi     glpi      11.0.7 (fixed version)

Note that the CPE range has no lower bound and therefore also matches releases before 11.0.0, whereas the description limits the affected range to 11.0.0 through 11.0.6. CPE-driven scanners may flag older installations that the advisory text does not list; treat those as outside the stated affected range unless the vendor says otherwise.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
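To make the CWE-79 mechanism concrete for this case, the following is an added illustration, not GLPI code: a constructed cost record whose name field carries a payload is rendered once with the value placed into HTML unchanged and once with HTML escaping applied at output, and a small scanner shows what an HTML parser (and so a browser) would treat as markup in each case. The record layout, the field names and the payload are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed record standing in for a stored cost entry. The 'name' field holds
# text a technician could have typed into the form; field names are hypothetical.
STORED_COST = {
    "name": '<img src=x onerror="alert(document.cookie)">',
    "cost": "149.90",
}


def render_row_vulnerable(cost):
    """CWE-79 pattern: user-controlled text is interpolated into HTML as-is."""
    return f"<tr><td>{cost['name']}</td><td>{cost['cost']}</td></tr>"


def render_row_hardened(cost):
    """Every user-controlled value is escaped for the HTML text context at output time.
    Escaping at output (not at storage) is what neutralizes payloads already in the database."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(cost["name"], quote=True),
        html.escape(cost["cost"], quote=True),
    )


class ActiveContentScanner(HTMLParser):
    """Records the elements and on* event-handler attributes the parser actually sees as markup.
    Escaped text arrives via handle_data instead and is never recorded here."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name, value))


def scan(fragment):
    """Return (tags_seen, event_handlers_seen) for an HTML fragment."""
    scanner = ActiveContentScanner()
    scanner.feed(fragment)
    scanner.close()
    return scanner.tags, scanner.handlers


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_row_vulnerable), ("hardened", render_row_hardened)):
        fragment = renderer(STORED_COST)
        tags, handlers = scan(fragment)
        print(f"{label:10} tags={tags} handlers={handlers}")
        print(f"{'':10} {fragment}")
```

The vulnerable renderer yields an `img` element carrying an `onerror` handler; the hardened one yields only the table cells, with the payload surviving as inert text (`&lt;img ...`). The scanner is only there to make that difference visible; the defence is the escaping, not the scan.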
Executive Summary

This vulnerability affects GLPI, a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a user with the technician role can store a Cross-Site Scripting (XSS) payload in an ITIL cost entry. Because the payload is persisted server-side, it runs in the browser of any other user who later views the affected record, with no further action by the attacker. The issue has been fixed in version 11.0.7.

Impact Analysis

An authenticated technician can inject script into a cost entry that GLPI later renders to other users. In the victim's browser the script runs within that user's session, so it can perform actions in GLPI on their behalf, read data that user is permitted to see and, depending on cookie flags and application configuration, attempt to steal session tokens or credentials. The realistic concern is privilege escalation: a higher-privileged user, such as an administrator, viewing the poisoned entry is the most valuable target.

Mitigation Strategies

Upgrade GLPI instances running 11.0.0 through 11.0.6 to version 11.0.7 or later; the page lists no workaround for affected versions. Because the payload is stored, ITIL cost entries created by technicians while an instance was on an affected version should be reviewed after the upgrade rather than assumed clean.
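Since the only remediation given here is the upgrade, a practitioner's next step is to find affected instances. The following is an added example, not part of the advisory or of GLPI, that classifies GLPI version strings against the stated range (11.0.0 through 11.0.6, fixed in 11.0.7) and separately reports whether the page's unbounded CPE row ("to 11.0.6 (inc)") would also match, which is how versions below 11.0.0 end up flagged by CPE-based scanners. The inventory entries are constructed; version strings with a pre-release suffix are deliberately returned as "unknown" for manual review.

```python
import re

# Boundaries taken from the advisory text: affected 11.0.0 through 11.0.6, fixed in 11.0.7.
AFFECTED_MIN = (11, 0, 0)
AFFECTED_MAX = (11, 0, 6)
FIXED = (11, 0, 7)

_PLAIN_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(version):
    """Parse a plain x.y.z version string into a comparable tuple.
    Anything else (pre-release tags, missing components) returns None so the caller
    can flag it for manual review instead of silently misclassifying it."""
    m = _PLAIN_VERSION.match(version.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def classify(version):
    """Return 'affected', 'fixed', 'outside' or 'unknown' for one GLPI version.
    'fixed' means 11.0.7 or later (assumption: the fix is carried forward); 'outside'
    means below 11.0.0, which the advisory text does not list as affected."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "outside"


def cpe_range_matches(version):
    """Mirror the page's CPE row 'to 11.0.6 (inc)', which has no lower bound and so
    matches every parseable version up to and including 11.0.6."""
    v = parse_version(version)
    return v is not None and v <= AFFECTED_MAX


def triage(inventory):
    """inventory: iterable of (host, version) pairs, e.g. from an asset export.
    Returns a dict host -> (version, classification, cpe_match)."""
    return {host: (ver, classify(ver), cpe_range_matches(ver)) for host, ver in inventory}


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("glpi-prod-01", "11.0.4"),
    ("glpi-prod-02", "11.0.7"),
    ("glpi-legacy", "10.0.18"),
    ("glpi-staging", "11.0.7-rc1"),
]

if __name__ == "__main__":
    for host, (ver, status, cpe) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {ver:12} {status:9} cpe_match={cpe}")
```

A host reported as "outside" with `cpe_match=True` is exactly the discrepancy between the description and the CPE row; confirm with the vendor before closing such a finding.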
