CVE-2026-22247

EPSS 0.03%
Veröffentlicht 04.02.2026 17:10:30
Zuletzt bearbeitet 06.02.2026 21:19:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 11.0.0 < 11.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x

Vendor Advisory

https://github.com/glpi-project/glpi/releases/tag/11.0.5

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-22247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22247

EUVD