CVE-2026-13490

Publication date 30 June 2026

Last updated 30 June 2026


Ubuntu priority

Cvss 3 Severity Score

3.7 · Low

Score breakdown

Description

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.

Status

Package Ubuntu Release Status
glpi 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release

Severity score breakdown

CVSS version:

Base score 6.3 · Medium

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Base score 3.7 · Low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N


Access our resources on patching vulnerabilities