{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/glpi/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-32312"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["glpi"],"_cs_severities":["high"],"_cs_tags":["glpi","vulnerability","security-policy-bypass","data-breach"],"_cs_type":"advisory","_cs_vendors":["GLPI"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in GLPI, a web-based IT service management software. These vulnerabilities, affecting GLPI versions 11.0.x prior to 11.0.7 and versions prior to 10.0.25, can be exploited by an attacker to achieve unauthorized access to sensitive information and circumvent established security policies. The vulnerabilities are detailed in GLPI security advisories GHSA-58j6-94cf-gcx5 and GHSA-cg63-qchq-q626, published on May 18, 2026. Successful exploitation could lead to significant data breaches and unauthorized modification of GLPI configurations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eWhile the specific exploitation methods for CVE-2026-32312 and CVE-2026-42320 are not detailed in the source, a generalized attack chain based on the vulnerability descriptions can be inferred:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable GLPI instance running a version prior to 11.0.7 or 10.0.25.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting one of the identified vulnerabilities (CVE-2026-32312 or CVE-2026-42320).\u003c/li\u003e\n\u003cli\u003eDepending on the vulnerability, this request may involve manipulating input parameters or exploiting insecure deserialization.\u003c/li\u003e\n\u003cli\u003eThe crafted request bypasses security policy checks implemented within GLPI.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data stored within the GLPI system, such as user credentials, configuration details, or ticket information.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker modifies GLPI configurations, granting themselves elevated privileges or disabling security features.\u003c/li\u003e\n\u003cli\u003eThe attacker may then use their elevated privileges to further compromise the system or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to a significant breach of data confidentiality within the GLPI system. Attackers could gain access to sensitive information such as user credentials, system configurations, and customer data. This can result in financial loss, reputational damage, and legal liabilities for the affected organization. The vulnerabilities also allow for the circumvention of security policies, potentially enabling attackers to perform unauthorized actions and further compromise the system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches provided by GLPI in their security advisories GHSA-58j6-94cf-gcx5 and GHSA-cg63-qchq-q626 to remediate the vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting GLPI instances, looking for unusual requests or patterns that might indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) rule to detect and block requests exploiting CVE-2026-32312 and CVE-2026-42320.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect GLPI Security Policy Bypass\u0026rdquo; to identify potential attempts to circumvent security policies within GLPI.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T12:12:35Z","date_published":"2026-05-19T12:12:35Z","id":"https://feed.craftedsignal.io/briefs/2026-05-glpi-vulns/","summary":"Multiple vulnerabilities in GLPI versions prior to 11.0.7 and 10.0.25 allow an attacker to compromise data confidentiality and bypass security policies.","title":"Multiple Vulnerabilities in GLPI Allow Data Confidentiality Breach and Security Policy Bypass","url":"https://feed.craftedsignal.io/briefs/2026-05-glpi-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — GLPI","version":"https://jsonfeed.org/version/1.1"}