CVE-2026-13490 | glpi-project glpi 11.0.5/11.0.6/11.0.7 Document front/document.send.php Document::canViewFile docid authorization

Inserito da Angelo Barbosa | Giu 27, 2026 | CVE

A vulnerability classified as critical was found in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass.

This vulnerability is documented as CVE-2026-13490. The attack can be executed remotely. There is not any exploit available.

The vendor was contacted early about this disclosure.

CVE-2026-13490 | glpi-project glpi 11.0.5/11.0.6/11.0.7 Document front/document.send.php Document::canViewFile docid authorization

Post correlati

CVE-2024-34217 | Totolink CP450 4.1.0cu.747_B20191224 addWlProfileClientMode stack-based overflow

CVE-2024-27431 | Linux Kernel up to 5.10.212/5.15.151/6.1.81/6.6.21/6.7.9 cpumap xdp_rxq_info random values

CVE-2026-44972 | DataDog guarddog escape output

CVE-2023-50206 | D-Link G416 flupl query_type command injection (ZDI-23-1822)