SQL Injection Vulnerability in mreporting Plugin for GLPI
CVE-2026-22821

4.9MEDIUM

Key Information:

Vendor
CVE Published:
12 February 2026

What is CVE-2026-22821?

The mreporting plugin, used for reporting in GLPI, is susceptible to SQL injection due to inadequate input validation when handling date changes. This flaw allows an attacker to manipulate SQL queries, potentially resulting in unauthorized data access and exposure. Users are advised to upgrade to version 1.9.4 or later, where this vulnerability has been addressed. For additional details and mitigation steps, please refer to the official GitHub advisory.

Affected Version(s)

mreporting < 1.9.4

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.