{"id":438983,"date":"2026-03-03T14:58:18","date_gmt":"2026-03-03T13:58:18","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=438983"},"modified":"2026-03-03T14:58:20","modified_gmt":"2026-03-03T13:58:20","slug":"glpi-new-versions-11-0-6-and-10-0-24","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/en\/glpi-new-versions-11-0-6-and-10-0-24\/","title":{"rendered":"GLPI new versions: 11.0.6 and 10.0.24"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Two new GLPI versions are available.<\/h2>\n\n\n\n<p>These updates fix a recently discovered <strong>critical security vulnerability<\/strong>. <strong>Updating is highly recommended!<\/strong><\/p>\n\n\n\n<p>You can download the&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI 11.0.6 archive<\/a><\/strong>&nbsp;on GitHub.<\/p>\n\n\n\n<p>You will find below the list of security issues fixed in this bugfixes version:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[SECURITY -&nbsp;<strong>Critical<\/strong>] Server-Side Template Injection (CVE-2026-26026)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;<strong>High<\/strong>] Stored XSS via Inventory (CVE-2026-26027)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;<strong>High<\/strong>] Unauthenticated SQL Injection via Search engine (CVE-2026-26263)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<strong>High<\/strong>] Authenticated SQL Injection (CVE requested)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;<strong>Moderate<\/strong>] MFA bypass (CVE-2026-25937)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;<strong>Moderate<\/strong>] Authenticated SQL Injection (CVE-2026-25936)<\/li>\n<\/ul>\n\n\n\n<p>Also, here is a short list of important bug fixes included in this version:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fix linked ITIL objects visibility across entities and rights verification&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi\/pull\/22851\" target=\"_blank\" rel=\"noopener\">#22851<\/a><\/li>\n\n\n\n<li>Fix timeline crash when document dates are NULL&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi\/issues\/22134\" target=\"_blank\" rel=\"noopener\">#22134<\/a><\/li>\n\n\n\n<li>Fix Error creating template&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi\/issues\/23034\" target=\"_blank\" rel=\"noopener\">#23034<\/a><\/li>\n\n\n\n<li>Fix error creating ticket&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi\/issues\/22984\" target=\"_blank\" rel=\"noopener\">#22984<\/a><\/li>\n<\/ul>\n\n\n\n<p>The&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/84?closed=1\" target=\"_blank\" rel=\"noreferrer noopener\">full changelog is available<\/a><\/strong>&nbsp;for more details.<\/p>\n\n\n\n<p>Also, an XSS ([SECURITY -\u00a0<strong>High<\/strong>] Stored XSS in Supplier CVE-2026-25932) and [SECURITY -\u00a0<strong>High<\/strong>] Authenticated SQL Injection (CVE requested) have been detected on 10.0 branch, so a new version is also available today.<\/p>\n\n\n\n<p>You can download the&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI 10.0.24 archive<\/a><\/strong>&nbsp;on GitHub.<\/p>\n\n\n\n<p>We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!<\/p>\n\n\n\n<p>Regards.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">Update my GLPI<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Two new GLPI versions are available. These updates fix a recently discovered critical security vulnerability. Updating is highly recommended! You can download the&nbsp;GLPI 11.0.6 archive&nbsp;on GitHub. You will find below the list of security issues fixed in this bugfixes version: Also, here is a short list of important bug fixes included in this version: The&nbsp;full [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":438985,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-438983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-versions"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/438983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/comments?post=438983"}],"version-history":[{"count":3,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/438983\/revisions"}],"predecessor-version":[{"id":439422,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/438983\/revisions\/439422"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media\/438985"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media?parent=438983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/categories?post=438983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/tags?post=438983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}