Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal th...
CVE-2026-25937
Summary
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.
Original title
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal th...
Original description
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.
nvd CVSS3.1
6.5
Vulnerability type
CWE-287
Improper Authentication
Published: 18 Mar 2026 · Updated: 18 Mar 2026 · First seen: 18 Mar 2026