EUVD-2026-39990

🗓️ 28 Jun 2026 12:30:28Reported by EUVDType

Remote authorization bypass in GLPI 11.0.5–11.0.7 via Document::canViewFile by docid manipulation.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-13490	28 Jun 202611:00	–	attackerkb
CVE	CVE-2026-13490	28 Jun 202611:00	–	cve
Cvelist	CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization	28 Jun 202611:00	–	cvelist
NVD	CVE-2026-13490	28 Jun 202612:17	–	nvd
Positive Technologies	PT-2026-53103	28 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "ce383008-2266-3c9b-8ebb-b19474de4c54",
        "vendor": {
          "name": "glpi-project"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1cb3a5d5-5ee2-353e-b5e9-5f76639486ef",
        "product": {
          "name": "glpi",
          "vendor": {
            "name": "glpi-project"
          }
        },
        "product_version": "11.0.5"
      },
      {
        "id": "4f801638-976c-30c6-9700-6011db74165f",
        "product": {
          "name": "glpi",
          "vendor": {
            "name": "glpi-project"
          }
        },
        "product_version": "11.0.6"
      },
      {
        "id": "b52ae2cd-c96d-3e65-ab66-4afd71701b89",
        "product": {
          "name": "glpi",
          "vendor": {
            "name": "glpi-project"
          }
        },
        "product_version": "11.0.7"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/374487
vuldb	www.vuldb.com/vuln/374487/cti
vuldb	www.vuldb.com/cve/CVE-2026-13490
vuldb	www.vuldb.com/submit/838225
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-13490

28 Jun 2026 12:30Current

5.4Medium risk

Vulners AI Score5.4

CVSS 46.3

CVSS 22.6

CVSS 3.13.7

CVSS 33.7