CVE-2026-22247 MEDIUM

CVE-2026-22247: GLPI is Vulnerable to SSRF via Webhooks

Vendor Glpi-Project
Product glpi
Weakness CWE-918 · SSRF
Published February 4, 2026
Last update February 5, 2026

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

GLPI is a free asset and IT management software package. In versions from 11.0.0 up to, but not including, 11.0.5, a GLPI administrator can perform a server-side request forgery (SSRF) request through the Webhook feature. This issue has been patched in version 11.0.5.

Key dates

02 Disclosure timeline

February 4, 2026 CVE published
February 5, 2026 Record updated

Related vulnerabilities

04 Related CVE