6.1
GLPI Inventory Plugin: Malicious Code Injection Through Reflected XSS
CVE-2026-25590
Summary
The GLPI Inventory Plugin, which is used for network discovery and inventory management, has a reflected cross-site scripting (XSS) flaw in task jobs. If a user clicks a specially crafted link, attacker-supplied script can run in that user's browser session. You should update to the latest version, 1.6.6, to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| glpi-project | glpi_inventory | <= 1.6.6 | – |
Original title
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This v...
Original description
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6.
nvd CVSS3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026