CVE-2026-22247

4.1 MEDIUM

📋 TL;DR

GLPI administrators can exploit a Server-Side Request Forgery (SSRF) vulnerability through the Webhook feature, allowing them to make unauthorized requests to internal systems. This affects GLPI versions 11.0.0 through 11.0.4. The vulnerability requires administrator privileges to exploit.

💻 Affected Systems

Products:
  • GLPI
Versions: 11.0.0 to 11.0.4
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator access to the GLPI web interface to exploit the webhook feature.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator could access internal services, exfiltrate sensitive data, or pivot to other systems if internal network access is possible.

🟠

Likely Case

Administrator could probe internal network services, potentially discovering other vulnerable systems or accessing internal-only resources.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent internal service access from the GLPI server.

🌐 Internet-Facing: MEDIUM - Internet-facing GLPI instances could allow attackers who compromise admin accounts to pivot to internal networks.
🏢 Internal Only: MEDIUM - Internal GLPI instances still allow admin users to potentially access other internal services they shouldn't.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials and access to the webhook configuration interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.5

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x

Restart Required: No

Instructions:

1. Backup your GLPI installation and database.
2. Download GLPI 11.0.5 from the official releases.
3. Replace the existing files with the new version.
4. Run the update script via the web interface or CLI.

🔧 Temporary Workarounds

Disable Webhook Feature

Applies to: all platforms

Remove or restrict access to the webhook functionality in GLPI

# Edit GLPI configuration or remove webhook menu permissions for admin users

Restrict Admin Access

Applies to: all platforms

Limit administrator accounts to trusted users only and implement MFA

# Review and reduce admin user count
# Implement multi-factor authentication

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GLPI server from internal services
  • Monitor and audit webhook configuration changes and unusual outbound requests from GLPI server

🔍 How to Verify

Check if Vulnerable:

Check GLPI version in Administration > General > Information, or run: php glpi/inc/glpi_version.php

Check Version:

php glpi/inc/glpi_version.php

Verify Fix Applied:

Verify the version is 11.0.5 or higher, then test the webhook feature with internal URLs to confirm that requests to internal addresses are now restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual webhook configuration changes
  • Outbound HTTP requests from GLPI to internal IP ranges

Network Indicators:

  • GLPI server making unexpected HTTP requests to internal services

SIEM Query:

source="glpi.log" AND ("webhook" OR "configuration change") AND admin_user
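As an added defender-side example that is not part of this advisory: a Python scan over constructed webhook log lines (the field layout is an assumption, not GLPI's real log format) that flags webhook targets pointing at loopback, link-local, private or reserved addresses, i.e. the "outbound HTTP requests from GLPI to internal IP ranges" indicator listed above. The same classifier can be used when re-testing the webhook feature after patching.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in the shape of an outbound-request log from the
# GLPI host (not real GLPI log output; the field layout is an assumption).
SAMPLE_LOG = """\
2026-01-10T09:12:01Z webhook id=3 user=admin url=https://hooks.example.com/notify status=200
2026-01-10T09:14:27Z webhook id=4 user=admin url=http://10.0.0.5:8080/manage status=200
2026-01-10T09:15:02Z webhook id=4 user=admin url=http://169.254.169.254/latest/ status=200
2026-01-10T09:16:44Z webhook id=5 user=admin url=http://[::1]:9200/_cat/indices status=000
2026-01-10T09:17:10Z webhook id=6 user=admin url=http://localhost/ status=200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) webhook id=(?P<id>\d+) user=(?P<user>\S+) url=(?P<url>\S+)")

def internal_target_reason(url: str):
    """Return why a webhook URL points at an internal target, or None if it looks external.
    Only literal IPs and 'localhost' are classified; other hostnames need resolution first."""
    host = urlsplit(url).hostname  # strips brackets from IPv6 literals
    if host is None:
        return "unparseable host"
    if host == "localhost":
        return "loopback hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # public-looking hostname; resolve before deciding
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address"
    if ip.is_private:
        return "private (RFC 1918 / ULA) address"
    if ip.is_reserved or ip.is_multicast or ip.is_unspecified:
        return "reserved address"
    return None

def find_internal_webhook_calls(log_text: str):
    """Scan log lines; return (webhook_id, user, url, reason) for each internal target."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        reason = internal_target_reason(m["url"])
        if reason:
            hits.append((int(m["id"]), m["user"], m["url"], reason))
    return hits
```

Hostnames other than `localhost` are deliberately left unclassified, since a static log review cannot know what they resolved to at request time; correlate those with DNS logs.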
