{"id":441046,"date":"2026-06-24T11:06:35","date_gmt":"2026-06-24T09:06:35","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=441046"},"modified":"2026-06-24T11:08:34","modified_gmt":"2026-06-24T09:08:34","slug":"glpi-11-0-8-and-10-0-26-available","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/en\/glpi-11-0-8-and-10-0-26-available\/","title":{"rendered":"GLPI 11.0.8 and 10.0.26 are now available!"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Two new GLPI versions are available<\/h2>\n\n\n\n<p>11.0.8 and 10.0.26 releases fix several&nbsp;critical security issues&nbsp;that have been recently discovered. Update is&nbsp;stronglyrecommended!<\/p>\n\n\n\n<p>Many bug fixes have also been made, read the changelogs for more details:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/88?closed=1\" target=\"_blank\" rel=\"noopener\">11.0.8 changelog<\/a> <\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/89?closed=1\" target=\"_blank\" rel=\"noopener\">10.0.26 changelog<\/a><\/li>\n<\/ul>\n\n\n\n<p>You can download the new archives on GitHub:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" rel=\"noreferrer noopener\">11.0.8 archive<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">10.0.26 archive<\/a><\/li>\n<\/ul>\n\n\n\n<p>You will find below the list of security issues fixed in theses bugfixes versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[SECURITY - ==Medium== 10.0 &amp; 11.0] Unauthorized debug mode activation (CVE-2026-45801)<\/li>\n\n\n\n<li>[SECURITY - ==Medium== 10.0 &amp; 11.0] LDAP filter injection in user import feature (CVE-2026-49469)<\/li>\n\n\n\n<li>[SECURITY - ==Medium== 10.0 &amp; 11.0] Unallowed authentication method update by administrator (CVE-2026-53628)<\/li>\n\n\n\n<li>[SECURITY - ==Medium== 11.0] Unexpected access to update operations through the API (CVE-2026-53627)<\/li>\n\n\n\n<li>[SECURITY - ==Medium== 10.0 &amp; 11.0] Unallowed modfication of knowbase items comments and translations (CVE-2026-55217)<\/li>\n\n\n\n<li>[SECURITY - ==Medium== 10.0 &amp; 11.0] Unallowed notifications sending (CVE-2026-57152)<\/li>\n\n\n\n<li>[SECURITY - ==High== 10.0 &amp; 11.0] SQL injection in dropdowns (CVE-2026-47678)<\/li>\n\n\n\n<li>[SECURITY - ==High== 10.0 &amp; 11.0] Arbitrary file deletion (CVE-2026-47679)<\/li>\n\n\n\n<li>[SECURITY - ==High== 11.0] Account takeover via 2FA brute force (CVE-2026-49470)<\/li>\n\n\n\n<li>[SECURITY - ==High== 10.0 &amp; 11.0] Privilege Escalation via authtype API manipulation (CVE-2026-53625)<\/li>\n\n\n\n<li>[SECURITY - ==High== 11.0] Reflected XSS in dashboards (CVE-2026-53610)<\/li>\n\n\n\n<li>[SECURITY - ==High== 11.0] Arbitrary document read (CVE-2026-53626)<\/li>\n\n\n\n<li>[SECURITY - ==High== 10.0 &amp; 11.0] SQL injection in history tab (CVE-2026-53629)<\/li>\n\n\n\n<li>[SECURITY - ==High== 11.0] Stored XSS in suppliers (CVE-2026-55214)<\/li>\n\n\n\n<li>[SECURITY - ==CRITICAL== 11.0] RCE via Form import (CVE-2026-48482)<\/li>\n\n\n\n<li>[SECURITY - ==CRITICAL== 11.0] MFA bypass (CVE-2026-52848)<\/li>\n<\/ul>\n\n\n\n<p>We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">Download GLPI<\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two new GLPI versions are available 11.0.8 and 10.0.26 releases fix several&nbsp;critical security issues&nbsp;that have been recently discovered. Update is&nbsp;stronglyrecommended! Many bug fixes have also been made, read the changelogs for more details: You can download the new archives on GitHub: You will find below the list of security issues fixed in theses bugfixes versions: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":441047,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-441046","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-versions"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/441046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/comments?post=441046"}],"version-history":[{"count":7,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/441046\/revisions"}],"predecessor-version":[{"id":441350,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/441046\/revisions\/441350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media\/441047"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media?parent=441046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/categories?post=441046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/tags?post=441046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}