CVE-2026-22247

EPSS 0.02%
Veröffentlicht 04.02.2026 17:10:30
Zuletzt bearbeitet 06.02.2026 21:19:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

GLPI is Vulnerable to SSRF via Webhooks

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 11.0.0 < 11.0.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x

Vendor Advisory

https://github.com/glpi-project/glpi/releases/tag/11.0.5

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-22247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22247

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22247