Remote Code Execution Vulnerability in GLPI Plugin by Plugins GLPI
CVE-2026-23489
9.1CRITICAL
What is CVE-2026-23489?
The GLPI Fields plugin, designed to enhance GLPI item forms with custom fields, contains a significant vulnerability that permits users allowed to create dropdowns to execute arbitrary PHP code. This oversight affects versions prior to 1.23.3 and has been addressed in the latest update. Organizations using this plugin are urged to upgrade to version 1.23.3 or later to mitigate potential security risks.
Affected Version(s)
fields < 1.23.3
