SQL Injection Vulnerability in GLPI Asset Management Software
CVE-2026-29047

7.2HIGH

Key Information:

Vendor: GLPI Project
Status: Glpi
Vendor: CVE Published:; 6 April 2026

🔔 Create GLPI Project Vulnerability Alert

What is CVE-2026-29047?

GLPI, a free and widely used asset and IT management software, suffers from a SQL injection vulnerability that allows authenticated users to exploit the logs export feature. This can potentially lead to unauthorized access to sensitive information. The vulnerability primarily affects versions 10.0.0 through 10.0.23 and 11.0.0 through 11.0.5, which have been updated to versions 10.0.24 and 11.0.6 to mitigate this risk. Users are advised to upgrade to the latest versions to secure their systems.

Affected Version(s)

glpi >= 10.0.0, 10.0.24 >= 10.0.0, 10.0.24

glpi >= 11.0.0-alpha, < 11.0.6 < 11.0.0-alpha, 11.0.6

References

https://github.com/glpi-project/glpi/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-29047 Data

JSON