CVE-2026-32312

GLPI is a free asset and IT management software package

NONEMonitor

Published:May 19, 2026(Today)

Modified:May 19, 2026

AI Explanation

In GLPI versions 11.0.0 through 11.0.6, an authenticated user with 'READ' permission for forms can export the structure of forms they are not authorized to access. This allows them to view the design and fields of sensitive forms without proper permissions. The vulnerability specifically affects the export functionality.

▶Show original NVD description

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.

Authenticated GLPI users with forms READ permission are at risk of unauthorized form structure export, presenting a low severity information exposure for form metadata.

Monitor & Review

Low severity — keep this CVE on your radar and patch during routine maintenance.

Patch Status:Not Available

What should I do?

No official patch is available yet — apply vendor workarounds if provided.
Review the affected versions below to confirm your exposure.
Monitor this CVE for patch releases and apply them as soon as available.

How to Fix

1["Upgrade GLPI to version 11.0.7 or later."]

Timeline

Published
CVE disclosed publicly
May 19, 2026Today
Last Modified
Most recent update
May 19, 2026Today
Indexed to CVEInsight
Added to this platform
May 19, 2026Today

References

https://github.com/glpi-project/glpi/releases/tag/11.0.7
https://github.com/glpi-project/glpi/security/advisories/GHSA-cg63-qch...

CVSS Score

v3.1

N/A/ 10.0

NONE

At a Glance

Affected Products

References

CVE-2026-32312

✦ AI Explanation

How to Fix

Timeline

References

CVSS Score

At a Glance

Official Sources

AI Explanation