EUVD-2026-34102

🗓️ 03 Jun 2026 14:06:12Reported by EUVDType

GLPI versions before 10.0.25 and 11.0.7 allow config read users to read an asset object; upgrade to 10.0.25 or 11.0.7.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-44281	3 Jun 202614:06	–	attackerkb
CVE	CVE-2026-44281	3 Jun 202614:06	–	cve
Cvelist	CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object	3 Jun 202614:06	–	cvelist
NVD	CVE-2026-44281	3 Jun 202616:16	–	nvd
Positive Technologies	PT-2026-45960	3 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object	3 Jun 202614:06	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "f379d420-a814-34e7-a84a-174bb26f47a2",
        "vendor": {
          "name": "glpi-project"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "26cbb981-6049-3b73-8cc2-cf566b02860f",
        "product": {
          "name": "glpi",
          "vendor": {
            "name": "glpi-project"
          }
        },
        "product_version": "11.0.0, < 11.0.7"
      },
      {
        "id": "f1532673-ceed-3e8a-afb2-fa9ffdf93a78",
        "product": {
          "name": "glpi",
          "vendor": {
            "name": "glpi-project"
          }
        },
        "product_version": "0.78, < 10.0.25"
      }
    ]
  }
]

Source	Link
github	www.github.com/glpi-project/glpi/security/advisories/GHSA-prjc-xwmh-rhxw

03 Jun 2026 16:02Current

5.8Medium risk

Vulners AI Score5.8

CVSS 47

SSVC