ctipilot.ch · Switzerland · Europe · Public sector

GLPI < 10.0.25 / 11.0.7 — XSS (CERTFR-2026-AVI-0551)

cve · CVE-2026-42318

  • Coverage timeline: 1 (first 2026-05-08 → last 2026-05-08)
  • Briefs: 1 (1 distinct)
  • Sources cited: 1 (1 host)
  • Sections touched: 1 (trending-vulnerabilities)
  • Co-occurring entities: 7 (see Related entities below)

Story timeline

  1. 2026-05-08 · CTI Daily Brief — 2026-05-08
    trending-vulnerabilities · First coverage (batch with GLPI CERTFR-2026-AVI-0551).

Where this entity is cited

  • trending-vulnerabilities: 1

Source distribution

  • cert.ssi.gouv.fr: 1 (100%)

Related entities

Items in briefs about GLPI < 10.0.25 / 11.0.7 — XSS (CERTFR-2026-AVI-0551) (1)

GLPI CERTFR-2026-AVI-0551 — Seven CVEs including SSRF and XSS in EU ITSM platform (advisory 2026-04-29)

From CTI Daily Brief — 2026-05-08 · published 2026-05-10

France's CERT-FR published CERTFR-2026-AVI-0551 (April 29, 2026) covering seven CVEs in GLPI, the open-source IT Service Management platform widely deployed in European public-sector organisations and healthcare networks. Vulnerability types include SSRF (CVE-2026-32312), stored and reflected XSS (CVE-2026-42317, CVE-2026-42318, CVE-2026-42320, CVE-2026-42321), security policy bypass (CVE-2026-5385), and data integrity compromise (CVE-2026-40108). CVSS scores are not published in the advisory. No exploitation in the wild is confirmed. GLPI administrators should upgrade to version ≥ 10.0.25 (10.0.x branch) or ≥ 11.0.7 (11.x branch). Swiss federal and cantonal administrations and hospitals using GLPI as their ITSM are advised to schedule patching within the standard change window.