
GLPI 11.0.7 and 10.0.25: A Dozen Vulnerabilities Patched

The GLPI team has just unveiled two new security updates: 11.0.7 and 10.0.25. In total, around ten vulnerabilities have been fixed in GLPI 11, as well as in GLPI 10, the older version that is still maintained.

GLPI 11.0.7

The 7th minor update of GLPI 11 was released on Wednesday, April 29, 2026. I am publishing this article today because this release patches a substantial set of vulnerabilities: 13 in total, in GLPI 11 alone. Among these vulnerabilities, 4 are considered important; I go into more detail on them below.

In particular, there are two stored XSS vulnerabilities. In theory, this type of flaw can allow a malicious script to be injected and then stored on the server where the vulnerable application is running; the script is then executed in the browser of any user who views the affected page.

  • CVE-2026-40108: Stored XSS in the ITIL cost management module.
  • CVE-2026-5385: Stored XSS in the knowledge base module.

In addition to script injection risks, two other important vulnerabilities expose GLPI instances to the deletion of data and items:

  • CVE-2026-42318: a vulnerability that allows arbitrary item deletion through scheduling.
  • CVE-2026-42317: a flaw that allows arbitrary file deletion by a user with a technician profile.

The remaining four vulnerabilities were patched in GLPI's Webhooks feature. You can find the full changelog on GitHub.

If you want to learn more about GLPI 11, I invite you to read this article:

GLPI 10.0.25

On April 29, 2026, version 10.0.25 of GLPI 10 was also released. It patches a set of seven security flaws. The lower number of fixes is expected: some vulnerabilities are tied to features available only in GLPI 11, such as those related to Webhooks.

The key takeaway is that GLPI 10.0.25 fixes the four important vulnerabilities detailed above, which are also present in GLPI 11. Once again, all the details are available in the changelog published on GitHub.

As always, I can only recommend that you update your GLPI instance. If you need help, check out this tutorial:

Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
