CVE-2026-42318
Status: Deferred - Pending Action
Privilege Escalation in GLPI Planning Module

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low-privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User's planning.
Meta Information
Generated: 2026-06-24
AI Q&A: 2026-06-03
EPSS Evaluated: 2026-06-22
Affected Vendors & Products (4 associated CPEs)
Vendor        Product  Version / Range
glpi_project  glpi     From 9.5.0 (inclusive) to 10.0.25 (exclusive)
glpi_project  glpi     10.0.25
glpi_project  glpi     From 11.0.7 (inclusive)
glpi_project  glpi     From 9.5.0 (inclusive) to 11.0.7 (exclusive)
CWE ID   Description
CWE-862  The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2026-42318 is a high-severity vulnerability in GLPI versions 9.5.0 up to 11.0.6 that allows a technician with planning access to delete any object within the GLPI system without proper authorization.

This happens because the system fails to verify permissions correctly before allowing deletions, which is classified as CWE-862 (Missing Authorization).

The vulnerability can be exploited remotely with low attack complexity and does not require user interaction.

Impact Analysis

This vulnerability can lead to significant integrity and availability loss in the GLPI system because unauthorized deletion of any object is possible.

While confidentiality is not affected, the ability for a technician to delete critical assets or IT management data without proper authorization can disrupt operations and data reliability.

Mitigation Strategies

To mitigate this vulnerability immediately, you should disable delete rights for users who have access to planning in GLPI.

Additionally, upgrading GLPI to version 10.0.25 or 11.0.7 will patch the vulnerability.

Compliance Impact

This vulnerability allows a technician with planning access to delete any object in GLPI without proper authorization, leading to high integrity and availability loss of the system.

Such unauthorized deletion of data could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over data integrity and availability.

Confidentiality is not affected, and the available resources make no direct statement about compliance impact.

Detection Guidance

This vulnerability involves unauthorized deletion of objects by users with planning access in GLPI versions 9.5.0 to 11.0.6. Detection consists of monitoring for unexpected or unauthorized deletion activity within the GLPI application, especially actions performed by users with technician or planning access.

Since the vulnerability is a permission bypass, you can audit user roles and permissions in GLPI to identify whether any low-privilege users have delete rights enabled on planning objects.

There are no specific commands provided in the available resources to detect exploitation on the network or system level. However, general approaches include:

  • Review GLPI audit logs for deletion events and correlate them with user roles.
  • Use GLPI's built-in user management interface to verify and disable delete rights for users with planning access as a workaround.
  • Monitor HTTP requests to the GLPI server for suspicious delete operations originating from users with planning access.

For command-line detection, if you have access to the GLPI database, you might query audit or log tables for deletion events by users with planning roles, but no specific commands are detailed in the provided resources.
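The correlation described above (deletion events checked against what the actor's profile should allow, plus the list of planning users to review for the workaround), as an added example that is not part of this record or of GLPI itself. The event fields, profile model, user-to-profile mapping, and item type names are all constructed assumptions; GLPI's real audit and profile schema is not used.

```python
"""Correlate deletion events with the actor's profile rights (constructed data)."""
from collections import namedtuple

DeletionEvent = namedtuple("DeletionEvent", "ts user itemtype items_id")

# Constructed profile model: item types a profile may delete, and whether it
# has planning access (the precondition named for CVE-2026-42318).
PROFILES = {
    "self-service": {"planning": False, "delete": set()},
    "technician": {"planning": True, "delete": {"PlanningExternalEvent"}},
    "admin": {"planning": True, "delete": {"Computer", "Ticket", "PlanningExternalEvent"}},
}
USER_PROFILE = {"alice": "technician", "bob": "admin", "carol": "self-service"}
NO_RIGHTS = {"planning": False, "delete": set()}

# Constructed audit lines: timestamp, actor, deleted item type, item id.
SAMPLE_EVENTS = [
    DeletionEvent("2026-06-01T09:00:00", "bob", "Computer", 101),
    DeletionEvent("2026-06-01T09:05:00", "alice", "PlanningExternalEvent", 7),
    DeletionEvent("2026-06-01T09:07:00", "alice", "Computer", 102),
    DeletionEvent("2026-06-01T09:09:00", "carol", "Ticket", 55),
]


def unauthorized_deletions(events, user_profile=USER_PROFILE, profiles=PROFILES):
    """Return (event, actor_has_planning) for deletions the profile does not allow.

    A hit with actor_has_planning True matches the CVE-2026-42318 pattern (a
    planning user removing an object outside its delete rights); a hit with
    False points at some other authorization problem and still needs review.
    Unknown users are treated as having no rights at all.
    """
    findings = []
    for ev in events:
        rights = profiles.get(user_profile.get(ev.user, ""), NO_RIGHTS)
        if ev.itemtype not in rights["delete"]:
            findings.append((ev, rights["planning"]))
    return findings


def planning_users_with_delete_rights(user_profile=USER_PROFILE, profiles=PROFILES):
    """Users to review for the workaround: planning access plus any delete right."""
    return sorted(
        user for user, prof in user_profile.items()
        if profiles.get(prof, NO_RIGHTS)["planning"] and profiles[prof]["delete"]
    )
```

Run over an export of real deletion events and the profile matrix from your own instance; the sample data here only exercises the two code paths.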
