{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-26263/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-26263"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","glpi","cve-2026-26263","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGLPI, a widely used free and open-source IT asset and service management application, is affected by a high-severity (CVSS 8.1) flaw. Versions 11.0.0 up to but not including 11.0.6 contain an unauthenticated time-based blind SQL injection vulnerability (CVE-2026-26263) in the search engine. A remote attacker can inject SQL through a search request without any prior authentication and, because the injection is blind, infer query results from differences in server response time rather than from the response body. Exploitation can expose data held in the GLPI database and, depending on the privileges of the database account and how the query is executed, allow modification or deletion of that data, potentially compromising the entire GLPI instance and the sensitive information it manages. The vulnerability was reported on April 6th, 2026 and is fixed in version 11.0.6. 
Organizations running an affected version should upgrade without delay.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a reachable GLPI instance running a vulnerable version (11.0.0 to 11.0.5).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP request to the search engine functionality.\u003c/li\u003e\n\u003cli\u003eThe request carries a time-based blind SQL injection payload in a search query parameter.\u003c/li\u003e\n\u003cli\u003eThe GLPI server incorporates the attacker-controlled value into a SQL query without proper escaping or parameterization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL executes against the database and introduces a measurable delay only when an attacker-chosen condition holds.\u003c/li\u003e\n\u003cli\u003eThe attacker compares response times to learn, one true/false answer per request, the result of each injected condition; no query output appears in the response itself.\u003c/li\u003e\n\u003cli\u003eThrough many such requests, the attacker reconstructs sensitive data from the database, such as usernames, password hashes, or configuration details.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted material to gain unauthorized access to the GLPI system or other related resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-26263 can lead to complete compromise of the GLPI instance. Attackers can read sensitive IT asset inventory data, user credentials, and system configuration. This can result in data breaches, financial loss, and reputational damage. Given GLPI\u0026rsquo;s widespread use in IT management, a successful attack could affect numerous organizations across many sectors. 
If exploited, attackers can use the compromised GLPI instance, which catalogues much of the rest of the estate, as a pivot point to compromise the internal network further.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GLPI to version 11.0.6 or later, which fixes CVE-2026-26263.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect exploitation attempts against the GLPI search functionality.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to the GLPI search endpoints whose parameters contain SQL delay primitives (for example SLEEP, BENCHMARK, pg_sleep, or WAITFOR DELAY). URL-decode parameter values before matching, since payloads are normally percent-encoded, and correlate hits with unusually long response times and bursts of near-identical requests from one source, which together are the signature of time-based blind injection.\u003c/li\u003e\n\u003cli\u003eIn application code, build database queries with parameterized statements rather than string concatenation; input validation and sanitization are useful defence in depth but do not by themselves prevent SQL injection.\u003c/li\u003e\n\u003cli\u003eKeep web application firewall (WAF) rules current so that known SQL injection patterns are blocked, and treat the WAF as a compensating control while patching, not as a substitute for it.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T15:17:07Z","date_published":"2026-04-06T15:17:07Z","id":"/briefs/2026-04-glpi-sql-injection/","summary":"GLPI versions 11.0.0 to before 11.0.6 are susceptible to an unauthenticated time-based blind SQL injection vulnerability in the search engine, allowing remote attackers to potentially extract sensitive information.","title":"GLPI Unauthenticated Time-Based Blind SQL Injection Vulnerability (CVE-2026-26263)","url":"https://feed.craftedsignal.io/briefs/2026-04-glpi-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-26263","version":"https://jsonfeed.org/version/1.1"}
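The log-monitoring recommendation above, as an added worked example that is not part of the CraftedSignal brief and not code from the GLPI project: a small Python scanner that walks web-server access-log lines, URL-decodes each query parameter (peeling double encoding and stripping inline SQL comments, two common filter bypasses), and flags values that contain a database delay primitive. The log lines are constructed for illustration; the endpoint paths, the `criteria[0][value]` parameter name, the trailing request-duration column (Apache `%D` style), and the list of delay functions are assumptions, not details confirmed by the brief.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined log format with an optional trailing request duration in microseconds.
# The duration column is an assumption about how the web server is configured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)(?: (?P<us>\d+))?\s*$'
)

# Delay primitives used by time-based blind injection on MySQL/MariaDB (SLEEP,
# BENCHMARK), PostgreSQL (pg_sleep) and MSSQL (WAITFOR DELAY). Requiring the
# opening parenthesis keeps asset names such as "sleep mode" from matching.
TIME_SQLI = re.compile(
    r'\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b',
    re.IGNORECASE,
)


def parse_line(line):
    """Split one access-log line into fields; return None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['us'] = int(rec['us']) if rec['us'] is not None else None
    return rec


def normalize(value):
    """Peel up to three layers of percent-encoding and drop /**/ comments so that
    obfuscated payloads such as SLEEP/**/(5) or %2553%254C... match the same pattern."""
    decoded = value
    for _ in range(3):
        peeled = unquote_plus(decoded)
        if peeled == decoded:
            break
        decoded = peeled
    decoded = re.sub(r'/\*.*?\*/', '', decoded)
    return re.sub(r'\s+', ' ', decoded).strip()


def is_time_based_sqli(raw):
    return TIME_SQLI.search(normalize(raw)) is not None


def scan(lines, slow_us=3_000_000):
    """Return one finding per query parameter (key or value) carrying a delay primitive.
    'slow' marks requests whose duration reached slow_us, the corroborating signal
    for a time-based probe; 'search_endpoint' is a path heuristic (assumption)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec['target'])
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            for where, raw in (('param', key), ('value', value)):
                norm = normalize(raw)
                if TIME_SQLI.search(norm):
                    findings.append({
                        'ip': rec['ip'],
                        'path': parts.path,
                        'where': where,
                        'param': key,
                        'payload': norm,
                        'search_endpoint': 'search' in parts.path.lower(),
                        'slow': rec['us'] is not None and rec['us'] >= slow_us,
                    })
    return findings


def summarize(findings):
    """Count findings per source IP; repeated probes from one address are the expected shape."""
    counts = {}
    for f in findings:
        counts[f['ip']] = counts.get(f['ip'], 0) + 1
    return counts


# Constructed sample log; IPs are documentation ranges, paths and parameters are assumed.
SAMPLE_LOG = [
    # benign search for an asset named "laptop"
    '203.0.113.7 - - [06/Apr/2026:15:17:07 +0000] "GET /front/computer.php?criteria%5B0%5D%5Bvalue%5D=laptop HTTP/1.1" 200 5120 210000',
    # plain time-based probe: 1' AND SLEEP(5)--
    '198.51.100.23 - - [06/Apr/2026:15:18:01 +0000] "GET /front/search.php?criteria%5B0%5D%5Bvalue%5D=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 4096 5120000',
    # same probe, double-encoded and with an inline comment splitting the call
    '198.51.100.23 - - [06/Apr/2026:15:18:09 +0000] "GET /front/search.php?criteria%5B0%5D%5Bvalue%5D=1%2527%2520AND%2520SLEEP%252F%252A%252A%252F%25285%2529%2523 HTTP/1.1" 200 4096 5210000',
    # PostgreSQL-style delay from a second source
    '192.0.2.9 - - [06/Apr/2026:15:20:44 +0000] "GET /front/search.php?name=x%27%3Bselect%20pg_sleep(5)-- HTTP/1.1" 500 312 5030000',
    # benign values that merely contain a delay keyword
    '203.0.113.7 - - [06/Apr/2026:15:21:10 +0000] "GET /front/search.php?criteria%5B0%5D%5Bvalue%5D=sleep+mode HTTP/1.1" 200 5120 190000',
    '203.0.113.7 - - [06/Apr/2026:15:21:30 +0000] "GET /front/search.php?criteria%5B0%5D%5Bvalue%5D=benchmark+results HTTP/1.1" 200 5120 200000',
    # MSSQL-style delay
    '198.51.100.23 - - [06/Apr/2026:15:25:02 +0000] "GET /front/search.php?q=1%27%3BWAITFOR+DELAY+%270:0:5%27-- HTTP/1.1" 200 4096 5090000',
]

if __name__ == '__main__':
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h['ip'], h['path'], h['param'], repr(h['payload']), 'slow' if h['slow'] else 'fast')
    print(summarize(hits))
```

The pattern list is deliberately narrow: a broad "looks like SQL" regex on a search endpoint drowns analysts in false positives, whereas a delay primitive inside a search parameter has almost no legitimate use. Treat a hit as high confidence when the request also ran long and the same source repeats it, and widen the pattern to the Sigma rule's terms once the actual injection point is known.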