SQL Injection Vulnerability in mreporting Plugin for GLPI
CVE-2026-22821
4.9MEDIUM
What is CVE-2026-22821?
The mreporting plugin, used for reporting in GLPI, is susceptible to SQL injection due to inadequate input validation when handling date changes. This flaw allows an attacker to manipulate SQL queries, potentially resulting in unauthorized data access and exposure. Users are advised to upgrade to version 1.9.4 or later, where this vulnerability has been addressed. For additional details and mitigation steps, please refer to the official GitHub advisory.
Affected Version(s)
mreporting < 1.9.4
