GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26026.json",
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"cna_assigner": "GitHub_M"
}