GLPI Multi-Factor Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability in GLPI, an open-source asset and IT management software, allows a malicious actor with knowledge of a user's credentials to bypass multi-factor authentication (MFA) and take over the account. This issue affects GLPI versions from 11.0.0 up to, but not including, 11.0.6.

Impact

Exploitation of this vulnerability allows for unauthorized account access by bypassing multi-factor authentication.

Remediation

Users are advised to upgrade to GLPI version 11.0.6, which addresses this vulnerability.

Added: Mar 18, 2026, 12:30 AM
Updated: Mar 18, 2026, 12:30 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 1.3
exploitability: 5.2
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.