The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from ...

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from ...

CVE-2026-26001

Summary

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6.

Original title

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-89 SQL Injection

https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-g...

Published: 18 Mar 2026 · Updated: 18 Mar 2026 · First seen: 18 Mar 2026