GLPI Arbitrary Object Deletion Vulnerability for Low Privilege Users in Planning

Vulnerability

A vulnerability exists in GLPI versions from 9.5.0 up to but not including 10.0.25, and from 11.0.0 up to but not including 11.0.7, that allows low-privilege users with access to planning to delete any object within the application. The issue arises from inadequate permission controls, which enable unauthorized deletion of items.

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of objects in GLPI by users with planning access.

Remediation

Users can upgrade to GLPI versions 10.0.25 or 11.0.7 to address this vulnerability. As an alternative, delete rights for User's planning can be disabled.
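
To triage an inventory of GLPI installs against the affected ranges above, a version check such as the following can be used. It is an added example, not code from GLPI or from this advisory; the hostnames and versions in the inventory are constructed, and the handling of pre-release suffixes is an assumption.

```python
import re

# Affected ranges as stated in the advisory: (first affected, first fixed).
AFFECTED_RANGES = [
    ((9, 5, 0), (10, 0, 25)),
    ((11, 0, 0), (11, 0, 7)),
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)([-+~.]?[A-Za-z][\w.-]*)?\s*$")


def parse_version(text):
    """Return (major, minor, patch, is_release), or None if not X.Y.Z-like."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups()[:3])
    # Assumption: a suffixed build (e.g. "-rc1") sorts before the plain release,
    # so a pre-release of a fixed version is still treated as affected.
    return (major, minor, patch, 0 if m.group(4) else 1)


def triage(version_text):
    """Return (status, upgrade_target) for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)  # needs manual review, do not assume safe
    for low, fixed in AFFECTED_RANGES:
        if low + (1,) <= v < fixed + (1,):
            return ("affected", ".".join(map(str, fixed)))
    # Outside the ranges this advisory lists; says nothing about other issues.
    return ("not-listed", None)


# Constructed inventory for the example (hostnames and versions are made up).
INVENTORY = {
    "glpi-prod.example.internal": "10.0.18",
    "glpi-test.example.internal": "11.0.7-rc1",
    "glpi-dr.example.internal": "11.0.7",
    "glpi-legacy.example.internal": "custom-build",
}


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, target) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f" (upgrade to {target})" if target else ""))
```

Hosts reported as "unknown" carry a version string the parser could not read and should be checked by hand.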

Added: Jun 3, 2026, 4:25 PM
Updated: Jun 3, 2026, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 5.2
remediation: 8.3
relevance: 9.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.