{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22248", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-07T05:19:12.921Z", "datePublished": "2026-03-11T15:27:04.975Z", "dateUpdated": "2026-03-12T03:55:34.194Z"}, "containers": {"cna": {"title": "GLPI affected by Remote Code Execution via malicious upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4"}], "affected": [{"vendor": "glpi-project", "product": "glpi", "versions": [{"version": ">= 11.0.0, < 11.0.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T15:27:04.975Z"}, "descriptions": [{"lang": "en", "value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5."}], "source": {"advisory": "GHSA-c9q3-mcxq-9vr4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-22248"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T03:55:34.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T17:23:57.930724Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T17:24:20.375Z"}}], "cna": {"title": "GLPI affected by Remote Code Execution via malicious upload", "source": {"advisory": "GHSA-c9q3-mcxq-9vr4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "glpi-project", "product": "glpi", "versions": [{"status": "affected", "version": ">= 11.0.0, < 11.0.5"}]}], "references": [{"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4", "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T15:27:04.975Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22248", "state": "PUBLISHED", "dateUpdated": "2026-03-12T03:55:34.194Z", "dateReserved": "2026-01-07T05:19:12.921Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T15:27:04.975Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teclib-edition:glpi:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8CF258C-44C2-47E5-80D3-4249F46C13E4", "versionEndExcluding": "11.0.5", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5."}, {"lang": "es", "value": "GLPI es un paquete de software de c\u00f3digo abierto para la gesti\u00f3n de activos y TI que proporciona caracter\u00edsticas de Service Desk ITIL, seguimiento de licencias y auditor\u00eda de software. Desde la versi\u00f3n 11.0.0 hasta antes de la 11.0.5, un usuario t\u00e9cnico autenticado puede cargar un archivo malicioso y desencadenar su ejecuci\u00f3n a trav\u00e9s de una instanciaci\u00f3n PHP insegura. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 11.0.5."}], "id": "CVE-2026-22248", "lastModified": "2026-03-20T14:29:50.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-11T16:16:24.103", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.0.0,11.0.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glpi", "source": "cna", "vendor": "glpi-project"}, "product": "glpi", "vendor": "glpi-project"}], "analysis": {"en": {"generated_at": "2026-03-20T15:30:32.215981+00:00", "value": {"mitigation_remediation": ["Upgrade GLPI to version 11.0.5 or later to apply the vendor fix.", "If an immediate upgrade is not possible, restrict file upload capabilities for technician accounts and monitor uploads for suspicious content."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in the glpi product from the glpi\u2011project (CPE: cpe:2.3:a:teclib-edition:glpi:*:*:*:*:*:*:*:*). Affected software versions range from 11.0.0 up to but excluding 11.0.5; versions 11.0.5 and later contain the fix.", "description_and_impact": "GLPI is an open\u2011source asset and IT management platform that offers ITIL Service Desk features and software licensing tracking.\nBetween versions 11.0.0 and 11.0.4, an authenticated technician with user privileges can upload a specially crafted file and trigger its execution via unsafe PHP instantiation. This flaw allows attackers to run arbitrary code on the server, compromising confidentiality, integrity and availability, and is classified as CWE\u2011502 (Serialization Issues).", "risk_and_exploitability": "The CVSS assessment assigns a score of 8.1, indicating high severity. The EPSS score is below 1\u202f%, suggesting a low current exploitation likelihood, and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires the attacker to have authenticated access as a technician, but once that is achieved, remote code execution can be performed. Administrators should treat this as a critical issue and ensure the software is updated promptly."}}}}, "created": "2026-03-12T10:05:43.817031+00:00", "updated": "2026-03-23T09:55:31.978110+00:00", "vendors": ["glpi-project", "glpi-project$PRODUCT$glpi"]}