Multiple Security Vulnerabilities Discovered in GLPI Including SSRF and XSS Flaws

Multiple vulnerabilities were discovered in GLPI on 07 May 2026, as reported by CERT-FR. These flaws enable attackers to compromise data integrity, execute Server-Side Request Forgery (SSRF), and perform remote cross-site scripting (XSS) attacks. The notice specifies impacts including unauthorized data modification, indirect code injection, and potential exploitation of server-side request mechanisms. No CVE identifiers, affected version ranges, or specific technical exploitation details were provided in the advisory. The vulnerabilities were disclosed via the French government's cybersecurity agency.