{"id":441392,"date":"2026-06-29T09:00:00","date_gmt":"2026-06-29T07:00:00","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=441392"},"modified":"2026-06-26T11:16:32","modified_gmt":"2026-06-26T09:16:32","slug":"security-advisory-glpi-plugins-update","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/en\/security-advisory-glpi-plugins-update\/","title":{"rendered":"Security Advisory: Update Required for Multiple GLPI Community Plugins"},"content":{"rendered":"\n
We are notifying the GLPI community of several security vulnerabilities identified in a number of community plugins. Updates are available and should be deployed promptly on all affected instances.<\/p>\n\n\n\n
<\/div>\n\n\n\n
Affected Plugins and Vulnerabilities<\/h3>\n\n\n\n
<\/div>\n\n\n
\n<\/figure>\n<\/div>\n\n\n
<\/div>\n\n\n\n
The vulnerabilities identified cover a range of severity levels, including a critical Remote Code Execution (RCE) flaw in GenericObject<\/strong> (CVSS 8.9), multiple SQL injection and Cross-Site Scripting issues across several plugins, and access control malfunctions in Escalade<\/strong>, Credit<\/strong>, and Glpinventory<\/strong>.<\/p>\n\n\n\n
Recommendations<\/h3>\n\n\n\n
We strongly recommend planning and deploying updates for all affected plugins as soon as possible on your GLPI instances, in order to maintain an optimal level of security and reduce the risk of exploitation.<\/p>\n\n\n\n
Priority should be given to GenericObject<\/strong> (CVSS 8.9 \u2013 Critical), as it exposes instances to remote code execution.<\/p>\n\n\n\n
GLPI Network Cloud Platforms<\/h3>\n\n\n\n
All fixes related to the plugins listed above have already been deployed on GLPI Network Cloud Public<\/strong> and GLPI Network Cloud Private<\/strong> platforms. No action is required for instances hosted in our managed environments.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-1024x800.png\")
<\/figure>\n<\/div>\n\n\n<\/div>\n\n\n\n