GLPI Unauthorized Document Access Vulnerability

Vulnerability

A vulnerability in GLPI prior to versions 10.0.21 and 11.0.3 allows unauthorized users to access documents attached to any item, such as tickets or assets. This issue can be exploited by anonymous users if the public FAQ feature is enabled.

Impact

Exploitation of this vulnerability allows unauthorized access to documents, which could lead to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, an unauthorized user can request documents attached to items through the GLPI interface. If the public FAQ is enabled, this can be done anonymously. In versions prior to 10.0.21 and 11.0.3, the document access control did not properly restrict visibility based on user permissions or item associations.

Remediation

Users are advised to upgrade to GLPI version 10.0.21 or 11.0.3.
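The fix boundary sits on two release branches, so a single "greater than" comparison or a string comparison misclassifies hosts (11.0.0 is newer than 10.0.21 but still affected; "10.0.9" sorts after "10.0.21" as text). The following inventory check is an added example, not code from GLPI or from this advisory; the hostnames, the sample versions, and the handling of majors outside 10 and 11 and of pre-release suffixes are assumptions.

```python
import re

# Fixed release per major branch, as stated in the advisory above.
FIXED = {10: (10, 0, 21), 11: (11, 0, 3)}

def parse_version(text):
    """Extract ((major, minor, patch), prerelease_suffix) from a version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4)

def is_affected(text):
    """True if the version predates the fix for its own release branch."""
    version, suffix = parse_version(text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: majors below 10 count as "prior to" the fix,
        # majors above 11 are taken to include it.
        return version[0] < min(FIXED)
    if version == fixed and suffix:
        # Assumption: a pre-release build of the fixed version (e.g. -rc1)
        # is treated conservatively as not yet fixed.
        return True
    return version < fixed  # integer tuple comparison, so 10.0.9 < 10.0.21

def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' from {host: version string}."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "upgrade" if is_affected(reported) else "ok"
        except ValueError:
            result[host] = "unknown"  # version could not be read; check by hand
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "helpdesk-a": "10.0.9",
    "helpdesk-b": "GLPI 10.0.21",
    "assets-eu": "11.0.0",
    "assets-us": "11.0.3-rc1",
    "legacy": "9.5.13",
    "lab": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```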

Added: Jan 15, 2026, 4:24 PM
Updated: Jan 15, 2026, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.